Lucene search
K

23165 matches found

RedHat Linux
RedHat Linux
added 2025/02/06 1:16 a.m.3 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/02/05 10:10 p.m.10 views

CVE-2022-33938

A format string injection vulnerability exists in the ghomeprocesscontrolpacket functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious X...

9.8CVSS6.8AI score0.00898EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:3 p.m.8 views

CVE-2022-22299

A format string vulnerability CWE-134 in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 throu...

7.8CVSS7.3AI score0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:50 p.m.11 views

CVE-2022-35877

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a...

9.8CVSS7.2AI score0.00869EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:50 p.m.12 views

CVE-2022-35886

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...

8.8CVSS7AI score0.01241EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:50 p.m.19 views

CVE-2022-35244

A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload ...

9.8CVSS6.8AI score0.01261EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:55 p.m.17 views

CVE-2019-5143

An exploitable format string vulnerability exists in the iwconsole coniowritestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands whil...

8.8CVSS7.8AI score0.04652EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:59 p.m.8 views

CVE-2020-15203

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...

7.5CVSS6.4AI score0.00952EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 2:45 p.m.9 views

CVE-2020-6148

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow...

8.8CVSS7AI score0.0133EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:45 p.m.10 views

CVE-2020-6089

An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.8CVSS8.2AI score0.02669EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:41 p.m.9 views

CVE-2020-6147

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow...

8.8CVSS7AI score0.01433EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:36 p.m.13 views

CVE-2020-6150

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow...

8.8CVSS7AI score0.0133EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:44 p.m.7 views

CVE-2020-13321

A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed allowing for html tags to be added...

8.3CVSS6.3AI score0.01418EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 1:42 p.m.19 views

CVE-2020-13493

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an...

8.8CVSS7AI score0.0133EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 11:28 a.m.17 views

CVE-2024-34668

Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability...

8.8CVSS7.9AI score0.00547EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:18 a.m.12 views

CVE-2024-34665

Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability...

8.8CVSS7.9AI score0.00547EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:16 a.m.11 views

CVE-2024-23362

Cryptographic issue while parsing RSA keys in COBR format...

7.1CVSS7AI score0.00123EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:13 a.m.8 views

CVE-2024-54091

A vulnerability has been identified in Solid Edge SE2024 All versions V224.0 Update 12, Solid Edge SE2025 All versions V225.0 Update 3. The affected application contains an out of bounds write past the end of an allocated buffer while parsing XT data or a specially crafted file in XT format. This...

7.8CVSS7.7AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:20 a.m.5 views

CVE-2024-24570

Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...

8.2CVSS6.4AI score0.00734EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/02/05 12:0 a.m.5 views

The vulnerability of the uvc_parse_format() function in the drivers/media/usb/uvc/uvc_driver.c file of the Linux operating system’s UVC driver kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the uvcparseformat function in the drivers/media/usb/uvc/uvcdriver.c file, a part of the Linux kernel’s USB Video Class UVC driver, relates to memory access beyond the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

7.8CVSS7.1AI score0.03301EPSS
Exploits1References32Affected Software6
Rows per page
Query Builder