
23170 matches found

RedHat Linux
added 2025/01/28 4:59 a.m. · 5 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8 CVSS · 7.5 AI score · 0.005 EPSS
Exploits 0 · References 7

CNNVD
added 2025/01/28 12:0 a.m. · 3 views

Google Golang security vulnerability

Google Golang is a statically and strongly typed, compiled language from Google. Go's syntax is close to that of C, but differs with respect to variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hall's Communicating Sequential Processes (CSP), and other languages that...

7.5 CVSS · 6.8 AI score · 0.00587 EPSS
Exploits 0 · References 5

Positive Technologies
added 2025/01/28 12:0 a.m. · 2 views

PT-2025-5648 · Pimcore · Pimcore

Name of the Vulnerable Software and Affected Versions: PIMCORE (affected versions not specified). Description: A Stored Cross-Site Scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the PDF upload functionality. This can result in the execution of malicious script...

8.1 CVSS · 5.9 AI score
Exploits 0 · References 3

RedHat Linux
added 2025/01/27 7:32 p.m. · 3 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8 CVSS · 7.5 AI score · 0.005 EPSS
Exploits 0 · References 7

RedHat Linux
added 2025/01/27 1:33 p.m. · 3 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8 CVSS · 7.5 AI score · 0.005 EPSS
Exploits 0 · References 7

BDU FSTEC
added 2025/01/27 12:0 a.m. · 8 views

The vulnerability of the QuTS operating systems and QTS network devices allows unauthorized access to protected information with root privileges, due to insufficient handling of format strings.

The vulnerability of the QuTS operating systems and QTS network devices involves insufficient handling of the format string. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information with root privileges...

6.5 CVSS · 5.5 AI score · 0.00522 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2025/01/27 12:0 a.m. · 5 views

The vulnerability of the QuTS operating systems and QTS network devices allows unauthorized access to protected information with root privileges, due to insufficient handling of format strings.

The vulnerability of the QuTS operating systems and QTS network devices involves insufficient handling of the format string. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information with root privileges...

6.5 CVSS · 5.5 AI score · 0.00456 EPSS
Exploits 0 · References 2

OSV
added 2025/01/24 6:45 p.m. · 2 views

GHSA-3WWR-3G9F-9GC7 ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape

Summary: If an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. Details: The vulnerability is rooted in how asteval performs handling of FormattedValue AST nodes. In...

8.4 CVSS · 6.2 AI score · 0.00229 EPSS
Exploits 0 · References 6

Github Security Blog
added 2025/01/24 6:45 p.m. · 19 views

ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape

Summary: If an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. Details: The vulnerability is rooted in how asteval performs handling of FormattedValue AST nodes. In...

8.4 CVSS · 8.9 AI score · 0.00229 EPSS
Exploits 0 · References 6 · Affected Software 1

Cvelist
added 2025/01/24 4:52 p.m. · 19 views

CVE-2025-24359 ASTEVAL Vulnerable to Maliciously Crafted Format Strings Leading to Sandbox Escape

ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is...

8.4 CVSS · 0.00229 EPSS
Exploits 0 · References 3

CVE
added 2025/01/24 4:52 p.m. · 72 views

CVE-2025-24359

CVE-2025-24359 affects the Python package asteval prior to 1.0.6. The root cause is in the handling of FormattedValue AST nodes in on_formattedvalue, which uses the dangerous Str.format path (fmt.format(fstring =val)). This can allow an attacker who controls input to bypass restrictions and execu...

8.4 CVSS · 8.7 AI score · 0.00229 EPSS
Exploits 0 · References 3

Amazon
added 2025/01/24 12:0 a.m. · 4 views

Important: python-jinja2

Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8 CVSS · 8.2 AI score · 0.005 EPSS
Exploits 0

RedHat Linux
added 2025/01/23 4:2 p.m. · 5 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8 CVSS · 7.5 AI score · 0.005 EPSS
Exploits 0 · References 7

Fedora
added 2025/01/23 1:45 a.m. · 12 views

[SECURITY] Fedora 41 Update: SDL2_sound-2.0.4-1.fc41

SDLsound is a library that handles the decoding of several popular sound file formats, such as .WAV and .OGG. It is meant to make the programmer's sound playback tasks simpler. The programmer gives SDLsound a filename, or feeds it data directly from one of many sources, and then reads the decoded...

7.8 CVSS · 7.2 AI score · 0.0056 EPSS
Exploits 0

BDU FSTEC
added 2025/01/22 12:0 a.m. · 5 views

The vulnerability of the libspeech service in the Mercedes-Benz User Experience (MBUX) system allows an intruder to trigger a service failure.

The vulnerability of the libspeech service in the Mercedes-Benz User Experience (MBUX) multimedia system is related to the buffer overflow in dynamic memory during the processing of UD2 format files. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS · 7.5 AI score · 0.00264 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2025/01/21 12:0 a.m. · 5 views

The vulnerabilities of the functions CHBString::const_iterator::incrementSteps() and CHBString::remove() in the UserData service of the Mercedes-Benz Multimedia User Experience (MBUX) system allow a hacker to trigger a service failure.

The vulnerabilities of the functions CHBString::const_iterator::incrementSteps() and CHBString::remove() of the UserData service in the Mercedes-Benz Multimedia User Experience (MBUX) system are related to buffer overflows in dynamic memory during the decoding of UD2 format files. Exploiting these...

5.5 CVSS · 7.5 AI score · 0.0033 EPSS
Exploits 0 · References 5

Packet Storm News
added 2025/01/16 12:0 a.m. · 3 views

CISA: Microsoft Expanded Cloud Logs Implementation Playbook

This playbook provides a detailed overview of the newly introduced logging capabilities in Microsoft Purview Audit Standard. These capabilities enable organizations to conduct forensic and compliance investigations by accessing critical events...

6.8 AI score
Exploits 0

RedHat Linux
added 2025/01/15 9:41 p.m. · 2 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8 CVSS · 7.5 AI score · 0.005 EPSS
Exploits 0 · References 7

RedHat Linux
added 2025/01/15 3:42 p.m. · 2 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8 CVSS · 7.5 AI score · 0.005 EPSS
Exploits 0 · References 7

Microsoft CVE
added 2025/01/15 8:0 a.m. · 4 views

Jinja has a sandbox breakout through indirect reference to format method

...

7.8 CVSS · 7 AI score · 0.005 EPSS
Exploits 0