23178 matches found
Exploit for Out-of-bounds Read in Microsoft
CVE-2024-49113-Checker Script to test whether your environment...
Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: CVE-2024-56201: Fixed sandbox breakout through malicious content and filename of a template bsc1234808 CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method bsc1234809 Patch Instructions: To install this SUSE...
The vulnerability of the C-more Programming Software for programming and configuring sensor panels (EA9 Series) arises from the execution of operations beyond the buffer boundaries in memory. This allows a hacker to execute arbitrary code.
The vulnerability of the C-more Programming Software EA9 Series for programming and configuring sensor panels is related to the execution of operations outside the buffer in memory when processing EAP9 format files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
PT-2025-39346
Name of the Vulnerable Software and Affected Versions GIMP affected versions not specified Description The GIMP software contains a stack-based buffer overflow in the ILBM file parsing functionality. This issue could allow for remote code execution. Recommendations At the moment, there is no...
PT-2025-34647 · Libbiosig +1 · Libbiosig +1
Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 through Master Branch 35a819fa Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability...
PT-2025-34640 · Libbiosig +1 · Libbiosig +1
Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 through Master Branch 35a819fa Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability...
PT-2025-34635
Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 libbiosig Master Branch 35a819fa Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability...
PT-2025-34624 · Libbiosig +1 · Libbiosig +1
Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 and Master Branch 35a819fa Description: An integer overflow vulnerability exists in the GDF parsing functionality. A specially crafted GDF file can lead to arbitrary code execution. An attacker can provide a malicious...
CVE-2023-6602 Ffmpeg: improper handling of input format in tty demuxer of ffmpeg
A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists...
PT-2024-36826 · Unknown · Free-One-Api
Name of the Vulnerable Software and Affected Versions: free-one-api versions up to and including 1.0.1 Description: The issue concerns the use of MD5, a cryptographically broken hashing algorithm, to hash passwords before sending them to the backend. This makes it vulnerable to collision attacks...
Delta Electronics DRASimuCAD 安全漏洞
Delta Electronics DRASimuCAD is a robot simulation integration platform developed by Delta Electronics. A type confusion vulnerability exists in the parsing of the Delta Electronics DRASimuCAD STP file, which can be exploited by an attacker to submit a special file request and trick the user into...
The vulnerability of the Teamcenter Visualization lifecycle management system and the Siemens Tecnomatix Plant Simulation software environment, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code.
The vulnerability of the Teamcenter Visualization lifecycle management system and the Siemens Tecnomatix Plant Simulation software environment relates to the execution of operations beyond the buffer in memory when processing WRL files. Exploiting this vulnerability could allow an attacker to...
GHSA-Q2X7-8RV6-6Q7H Jinja has a sandbox breakout through indirect reference to format method
An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on th...
Template Injection
Overview Affected versions of this package are vulnerable to Template Injection when an attacker controls the content of a template. This is due to an oversight in the sandboxed environment's method detection when using a stored reference to a malicious string's format method, which can then be...
ALPINE-CVE-2024-56326
Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...
UBUNTU-CVE-2024-56326
Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...
CVE-2024-56326
CVE-2024-56326 affects Jinja2 prior to 3.1.5, where an oversight in the sandboxed environment allows an attacker who can control template content to execute arbitrary Python code. The vulnerability arises from how calls to str.format can be indirectly invoked via filters, bypassing sandbox protec...
The vulnerability in the mainfunction.cgii web interface of DrayTek Vigor software allows a hacker to execute arbitrary code.
The vulnerability in the mainfunction.cgii web interface of the DrayTek Vigor router software system involves the use of uncontrolled format strings. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
Jinja 安全漏洞
Jinja is a fast, expressive and extensible template engine open-sourced by Pallets. A security vulnerability exists in Jinja versions prior to 3.1.5, which stems from a sandbox environment that detects improperly called str.format, allowing an attacker who controls the content of a template to...
The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the execution of operations beyond the buffer boundaries in memory. This allows attackers to execute arbitrary code.
The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the execution of operations beyond the buffer boundaries in memory when processing PAR format files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...