Lucene search
K

23151 matches found

RedHat Linux
RedHat Linux
added 2025/02/10 9:1 p.m.8 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
OSV
OSV
added 2025/02/10 7:15 p.m.2 views

ALPINE-CVE-2025-1153

A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfdsetformat of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The...

5.9CVSS6.5AI score0.01252EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2025/02/10 6:29 a.m.4 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2025/02/08 6:17 a.m.17 views

Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection

Cybersecurity researchers have uncovered two malicious machine learning ML models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning...

8.1AI score
Exploits0
Fedora
Fedora
added 2025/02/08 2:18 a.m.10 views

[SECURITY] Fedora 41 Update: rust-eif_build-0.2.1-3.fc41

This CLI tool provides a low level path to assemble an enclave image format EIF file used in AWS Nitro Enclaves...

7.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2025/02/06 3:46 p.m.27 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/02/06 5:2 a.m.4 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/02/06 1:16 a.m.3 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/02/05 10:10 p.m.10 views

CVE-2022-33938

A format string injection vulnerability exists in the ghomeprocesscontrolpacket functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious X...

9.8CVSS6.8AI score0.00898EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:3 p.m.7 views

CVE-2022-22299

A format string vulnerability CWE-134 in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 throu...

7.8CVSS7.3AI score0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:50 p.m.11 views

CVE-2022-35877

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a...

9.8CVSS7.2AI score0.00869EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:50 p.m.12 views

CVE-2022-35886

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...

8.8CVSS7AI score0.01241EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:50 p.m.19 views

CVE-2022-35244

A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload ...

9.8CVSS6.8AI score0.01261EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:55 p.m.16 views

CVE-2019-5143

An exploitable format string vulnerability exists in the iwconsole coniowritestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands whil...

8.8CVSS7.8AI score0.04652EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:59 p.m.8 views

CVE-2020-15203

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...

7.5CVSS6.4AI score0.00952EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 2:45 p.m.9 views

CVE-2020-6148

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow...

8.8CVSS7AI score0.0133EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:45 p.m.10 views

CVE-2020-6089

An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.8CVSS8.2AI score0.02669EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:41 p.m.9 views

CVE-2020-6147

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow...

8.8CVSS7AI score0.01433EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:36 p.m.13 views

CVE-2020-6150

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow...

8.8CVSS7AI score0.0133EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:44 p.m.7 views

CVE-2020-13321

A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed allowing for html tags to be added...

8.3CVSS6.3AI score0.01418EPSS
Exploits1
Rows per page
Query Builder