Lucene search
K

23178 matches found

GithubExploit
GithubExploit
added 2025/01/03 7:5 a.m.62 views

Exploit for Out-of-bounds Read in Microsoft

CVE-2024-49113-Checker Script to test whether your environment...

7.5CVSS7AI score0.83642EPSS
Exploits6
SUSE Linux
SUSE Linux
added 2025/01/02 8:45 a.m.5 views

Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: CVE-2024-56201: Fixed sandbox breakout through malicious content and filename of a template bsc1234808 CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method bsc1234809 Patch Instructions: To install this SUSE...

8.1CVSS7.2AI score0.005EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2025/01/02 12:0 a.m.5 views

The vulnerability of the C-more Programming Software for programming and configuring sensor panels (EA9 Series) arises from the execution of operations beyond the buffer boundaries in memory. This allows a hacker to execute arbitrary code.

The vulnerability of the C-more Programming Software EA9 Series for programming and configuring sensor panels is related to the execution of operations outside the buffer in memory when processing EAP9 format files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.8CVSS7.9AI score0.00278EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.3 views

PT-2025-39346

Name of the Vulnerable Software and Affected Versions GIMP affected versions not specified Description The GIMP software contains a stack-based buffer overflow in the ILBM file parsing functionality. This issue could allow for remote code execution. Recommendations At the moment, there is no...

7.8CVSS8.3AI score0.02751EPSS
Exploits0References43
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.7 views

PT-2025-34647 · Libbiosig +1 · Libbiosig +1

Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 through Master Branch 35a819fa Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability...

9.8CVSS7.2AI score0.00636EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.8 views

PT-2025-34640 · Libbiosig +1 · Libbiosig +1

Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 through Master Branch 35a819fa Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability...

9.8CVSS7.4AI score0.00636EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.6 views

PT-2025-34635

Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 libbiosig Master Branch 35a819fa Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability...

9.8CVSS7.5AI score0.00659EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.6 views

PT-2025-34624 · Libbiosig +1 · Libbiosig +1

Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 and Master Branch 35a819fa Description: An integer overflow vulnerability exists in the GDF parsing functionality. A specially crafted GDF file can lead to arbitrary code execution. An attacker can provide a malicious...

9.8CVSS7AI score0.00634EPSS
Exploits1References11
Vulnrichment
Vulnrichment
added 2024/12/31 2:20 p.m.10 views

CVE-2023-6602 Ffmpeg: improper handling of input format in tty demuxer of ffmpeg

A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists...

5.3CVSS6.8AI score0.00412EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/12/30 12:0 a.m.11 views

PT-2024-36826 · Unknown · Free-One-Api

Name of the Vulnerable Software and Affected Versions: free-one-api versions up to and including 1.0.1 Description: The issue concerns the use of MD5, a cryptographically broken hashing algorithm, to hash passwords before sending them to the backend. This makes it vulnerable to collision attacks...

6.9CVSS6.8AI score0.00323EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/12/30 12:0 a.m.2 views

Delta Electronics DRASimuCAD 安全漏洞

Delta Electronics DRASimuCAD is a robot simulation integration platform developed by Delta Electronics. A type confusion vulnerability exists in the parsing of the Delta Electronics DRASimuCAD STP file, which can be exploited by an attacker to submit a special file request and trick the user into...

7.8CVSS7.5AI score0.00351EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/12/26 12:0 a.m.6 views

The vulnerability of the Teamcenter Visualization lifecycle management system and the Siemens Tecnomatix Plant Simulation software environment, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code.

The vulnerability of the Teamcenter Visualization lifecycle management system and the Siemens Tecnomatix Plant Simulation software environment relates to the execution of operations beyond the buffer in memory when processing WRL files. Exploiting this vulnerability could allow an attacker to...

7.8CVSS6.3AI score0.00246EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2024/12/23 5:56 p.m.2 views

GHSA-Q2X7-8RV6-6Q7H Jinja has a sandbox breakout through indirect reference to format method

An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on th...

7.8CVSS7.5AI score0.005EPSS
Exploits0References6
Snyk
Snyk
added 2024/12/23 4:40 p.m.3 views

Template Injection

Overview Affected versions of this package are vulnerable to Template Injection when an attacker controls the content of a template. This is due to an oversight in the sandboxed environment's method detection when using a stored reference to a malicious string's format method, which can then be...

8.1CVSS7AI score0.005EPSS
Exploits0References2
OSV
OSV
added 2024/12/23 4:15 p.m.2 views

ALPINE-CVE-2024-56326

Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...

5.4CVSS8.7AI score0.005EPSS
Exploits0References1
OSV
OSV
added 2024/12/23 4:15 p.m.1 views

UBUNTU-CVE-2024-56326

Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...

7.8CVSS7.2AI score0.005EPSS
Exploits0References6
CVE
CVE
added 2024/12/23 3:43 p.m.934 views

CVE-2024-56326

CVE-2024-56326 affects Jinja2 prior to 3.1.5, where an oversight in the sandboxed environment allows an attacker who can control template content to execute arbitrary Python code. The vulnerability arises from how calls to str.format can be indirectly invoked via filters, bypassing sandbox protec...

7.8CVSS7.1AI score0.005EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/23 12:0 a.m.4 views

The vulnerability in the mainfunction.cgii web interface of DrayTek Vigor software allows a hacker to execute arbitrary code.

The vulnerability in the mainfunction.cgii web interface of the DrayTek Vigor router software system involves the use of uncontrolled format strings. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

10CVSS8.1AI score0.03302EPSS
Exploits1References3Affected Software3
CNNVD
CNNVD
added 2024/12/23 12:0 a.m.2 views

Jinja 安全漏洞

Jinja is a fast, expressive and extensible template engine open-sourced by Pallets. A security vulnerability exists in Jinja versions prior to 3.1.5, which stems from a sandbox environment that detects improperly called str.format, allowing an attacker who controls the content of a template to...

7.8CVSS7.4AI score0.005EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/12/19 12:0 a.m.5 views

The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the execution of operations beyond the buffer boundaries in memory. This allows attackers to execute arbitrary code.

The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the execution of operations beyond the buffer boundaries in memory when processing PAR format files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.8CVSS6.3AI score0.00211EPSS
Exploits0References3
Rows per page
Query Builder