
17 matches found

OSV
added 2025/03/20 12:32 p.m., 0 views

GHSA-747F-WW56-4Q4H Kedro deserialization vulnerability

A Remote Code Execution (RCE) vulnerability has been identified in the Kedro ShelveStore class version 0.19.8. This vulnerability allows an attacker to execute arbitrary Python code via deserialization of malicious payloads, potentially leading to a full system compromise. The ShelveStore class use...

CVSS: 9.8, AI score: 6.2, EPSS: 0.01035
Exploits: 0, References: 4
Cvelist
added 2025/03/20 10:11 a.m., 12 views

CVE-2024-12215 Remote Code Execution in kedro-org/kedro

In kedro-org/kedro version 0.19.8, the pullpackage API function allows users to download and extract micro packages from the Internet. However, the function projectwheelmetadata within the code path can execute the setup.py file inside the tar file, leading to remote code execution (RCE) by running...

CVSS: 8.8, EPSS: 0.00986
Exploits: 0, References: 1
CVE
added 2025/03/20 10:10 a.m., 63 views

CVE-2024-9701

CVE-2024-9701: Kedro’s ShelveStore (version 0.19.8) is vulnerable to Remote Code Execution due to unsafe deserialization: it uses Python’s shelve (pickle-based) and a crafted payload stored in the shelve file can execute arbitrary code upon deserialization. Details are tied to Kedro 0.19.8; no re...

CVSS: 9.8, AI score: 9.9, EPSS: 0.01035
Exploits: 0, References: 2
CNNVD
added 2025/03/20 12:0 a.m., 1 view

Kedro code issue vulnerability

Kedro is a production-ready data science toolkit from Kedro Open Source. A code issue vulnerability exists in Kedro version 0.19.8, which stems from deserializing a malicious payload and could lead to remote code execution...

CVSS: 9.8, AI score: 9.6, EPSS: 0.01035
Exploits: 0, References: 2
CNNVD
added 2025/02/10 12:0 a.m., 3 views

Lemmy code issue vulnerability

Lemmy is Lemmy open source free software for building social news aggregators and web forums. A code issue vulnerability exists in Lemmy 0.19.8 and earlier versions, which stems from a dependency in activitypubfederation that does not properly handle Webfinger requests, leading to server-side...

CVSS: 4, AI score: 6.7, EPSS: 0.00389
Exploits: 0, References: 2
Tenable Nessus
added 2023/12/27 12:0 a.m., 14 views

NewStart CGSL MAIN 5.04 : gettext Vulnerability (NS-SA-2023-0068)

The remote NewStart CGSL host, running version MAIN 5.04, has gettext packages installed that are affected by a vulnerability:
- An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in pogramparse in po-gram-gen....

CVSS: 9.8, AI score: 7, EPSS: 0.04293
Exploits: 1, References: 3
ATTACKERKB
added 2022/03/28 12:15 a.m., 2 views

CVE-2022-26255

Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column...

CVSS: 9.8, AI score: 6.4, EPSS: 0.01674
Exploits: 1, References: 2
Positive Technologies
added 2022/03/27 12:0 a.m., 4 views

PT-2022-17746 · Unknown · Clash For Windows

Name of the Vulnerable Software and Affected Versions: Clash for Windows version 0.19.8
Description: The issue allows for arbitrary code execution via a crafted payload injected into the Proxies name column.
Recommendations: For Clash for Windows version 0.19.8, consider restricting access to the...

CVSS: 9.8, AI score: 9.5, EPSS: 0.01674
Exploits: 1, References: 4
Snyk
added 2022/01/20 2:26 p.m., 4 views

Denial of Service (DoS)

Overview: libxmljs is a libxml bindings for v8 javascript engine. Affected versions of this package are vulnerable to Denial of Service (DoS). When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the...

CVSS: 7.5, AI score: 6.9, EPSS: 0.01746
Exploits: 1, References: 2
Tenable Nessus
added 2020/08/26 12:0 a.m., 52 views

Amazon Linux 2 : gettext (ALAS-2020-1477)

The version of gettext installed on the remote host is prior to 0.19.8.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1477 advisory. An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an...

CVSS: 9.8, AI score: 7, EPSS: 0.04293
Exploits: 1, References: 3
RedhatCVE
added 2020/04/09 12:21 p.m., 53 views

CVE-2018-18751

An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in pogramparse in po-gram-gen.y, as demonstrated by lt-msgfmt...

CVSS: 9.8, AI score: 1.8, EPSS: 0.04293
Exploits: 1, References: 2
OpenVAS
added 2020/03/13 12:0 a.m., 58 views

Huawei EulerOS: Security Advisory for gettext (EulerOS-SA-2020-1248)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 9.8, AI score: 9.7, EPSS: 0.04293
Exploits: 1, References: 2
OpenVAS
added 2020/01/23 12:0 a.m., 12 views

Huawei EulerOS: Security Advisory for gettext (EulerOS-SA-2019-1966)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 9.8, AI score: 9.7, EPSS: 0.04293
Exploits: 1, References: 2
Tenable Nessus
added 2019/12/03 12:0 a.m., 36 views

EulerOS Virtualization for ARM 64 3.0.3.0 : gettext (EulerOS-SA-2019-2320)

According to the version of the gettext packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability:
- An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to...

CVSS: 9.8, AI score: 6.8, EPSS: 0.04293
Exploits: 1, References: 2
ArchLinux
added 2019/08/24 12:0 a.m., 23 views

[ASA-201908-14] gettext: arbitrary code execution

Arch Linux Security Advisory ASA-201908-14
Severity: High
Date: 2019-08-24
CVE-ID: CVE-2018-18751
Package: gettext
Type: arbitrary code execution
Remote: Yes
Link: https://security.archlinux.org/AVG-885
Summary: The package gettext before...

CVSS: 9.8, AI score: 1.9, EPSS: 0.04293
Exploits: 1, References: 5
UbuntuCve
added 2018/10/29 12:0 a.m., 25 views

CVE-2018-18751

An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in pogramparse in po-gram-gen.y, as demonstrated by lt-msgfmt...

CVSS: 9.8, AI score: 6.8, EPSS: 0.04293
Exploits: 1, References: 3
CNVD
added 2018/10/29 12:0 a.m., 2 views

GNU gettext 'default_add_message' function double free vulnerability

GNU gettext is an open source package for writing multilingual programs developed by the GNU Project. A double free vulnerability exists in the 'default_add_message' function of the read-catalog.c file in GNU gettext version 0.19.8. No details of the vulnerability are provided at this time...

CVSS: 9.8, AI score: 9.3, EPSS: 0.04293
Exploits: 1, References: 1