291 matches found
pip can extract console_scripts and gui_scripts outside installation directory
...
PYSEC-2026-196
pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...
PYSEC-0000-CVE-2026-8643
pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...
CVE-2026-8643
pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...
PYSEC-2026-196
pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...
CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory
pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...
CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory
pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...
CVE-2026-8643
pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...
PT-2026-41465
Name of the Vulnerable Software and Affected Versions Backup and Restore version 1.0.3 Description Authenticated attackers can delete arbitrary files from the WordPress installation directory. This is achieved by sending POST requests to the 'admin-ajax.php' endpoint with manipulated file name an...
EUVD-2024-55588
Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution...
CVE-2024-36334
The CVE-2024-36334 issue affects the Radeon RGB tool in AMD graphics. It stems from improper verification of cryptographic signatures, enabling a malicious file placed in the installation directory to run with elevated privileges and potentially execute arbitrary code. The vulnerability is rated ...
CVE-2024-36334
Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution...
CVE-2026-0432
Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution...
CVE-2025-48512
Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller GPIO could allow an attacker to achieve privilege escalation resulting in arbitrary code execution...
EUVD-2026-30497
Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution...
CVE-2026-0432
Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution...
CVE-2026-0432
The CVE-2026-0432 issue relates to the AMD chipset driver. The root cause is incorrect default permissions in the installation directory, which could allow a local attacker to escalate privileges and achieve arbitrary code execution. Affected component is the AMD chipset driver and its installati...
CVE-2025-48512
Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller GPIO could allow an attacker to achieve privilege escalation resulting in arbitrary code execution...
CVE-2025-48512
Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller GPIO could allow an attacker to achieve privilege escalation resulting in arbitrary code execution...
CVE-2025-48512
CVE-2025-48512 affects the AMD GPIO installation directory where incorrect default permissions could enable local privilege escalation and arbitrary code execution. Root cause: improper default permissions. Impact: local attacker could escalate privileges; CVSS 4.0/7.0 high. Affected: AMD GPIO/in...