392 matches found

Prion
added 2022/12/16 11:15 p.m. | 10 views

Design/Logic Flaw

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive from a potentially malicious tarball without validating that the destinati...

CVSS 4.3 | AI score 6.5 | EPSS 0.00809
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2022/12/16 11:15 p.m. | 15 views

PYSEC-2022-42993

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive from a potentially malicious tarball without validating that the destinati...

CVSS 6.5 | AI score 6.9 | EPSS 0.00809
Exploits: 1 | References: 3
Cvelist
added 2022/12/16 10:56 p.m. | 14 views

CVE-2022-23530 GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive from a potentially malicious tarball without validating that the destinati...

CVSS 5.8 | AI score 6.6 | EPSS 0.00809
Exploits: 1 | References: 3
OSV
added 2022/12/16 10:56 p.m. | 15 views

CVE-2022-23530 GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive from a potentially malicious tarball without validating that the destinati...

CVSS 5.8 | AI score 6.6 | EPSS 0.00809
Exploits: 1 | References: 5
Github Security Blog
added 2022/12/05 11:34 p.m. | 32 views

GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package

Summary: Unsafe extracting using shutil.unpack_archive from a remotely retrieved tarball may lead to writing the extracted file to an unintended destination. Details: Extracting files using shutil.unpack_archive from a potentially malicious tarball without validating that the destination file path is...

CVSS 6.5 | AI score 0.6 | EPSS 0.00809
Exploits: 1 | References: 6 | Affected Software: 1
Kitploit
added 2022/04/02 8:30 p.m. | 113 views

Odin - Central IoC Scanner Based On Loki

Odin is a central IoC scanner based on Loki. General Info: This application Loki latest version and download it on all machines using a PowerShell script and run it then this app receives the response from all machines and parse the feed in CSV form. Requirements: 1. Python +3.5 2. PyQT5 3. psutil 4...

AI score 7.2
Exploits: 0 | References: 6
NVD
added 2022/01/31 11:15 a.m. | 14 views

CVE-2021-23521

This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic link is followed outside of the target dir allowing writing arbitrary files on the target host. In...

CVSS 7.8 | EPSS 0.00076
Exploits: 1 | References: 2
NVD
added 2022/01/31 11:15 a.m. | 7 views

CVE-2021-23520

The package juce-framework/juce before 6.1.5 is vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juceZipFile.cpp. This vulnerability is triggered when the archive is extracted upon calling uncompressTo on a ZipFile object...

CVSS 9.8 | EPSS 0.00738
Exploits: 1 | References: 3
OSV
added 2022/01/31 11:15 a.m. | 26 views

CVE-2021-23521

This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic link is followed outside of the target dir allowing writing arbitrary files on the target host. In...

CVSS 7.8 | AI score 7.5
Exploits: 0 | References: 2
UbuntuCve
added 2022/01/31 11:15 a.m. | 30 views

CVE-2021-23521

This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic link is followed outside of the target dir allowing writing arbitrary files on the target host. In...

CVSS 7.8 | AI score 7.3 | EPSS 0.00076
Exploits: 1 | References: 3
UbuntuCve
added 2022/01/31 11:15 a.m. | 17 views

CVE-2021-23520

The package juce-framework/juce before 6.1.5 is vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juceZipFile.cpp. This vulnerability is triggered when the archive is extracted upon calling uncompressTo on a ZipFile object...

CVSS 9.8 | AI score 7.2 | EPSS 0.00738
Exploits: 1 | References: 4
OSV
added 2022/01/31 11:15 a.m. | 0 views

UBUNTU-CVE-2021-23520

The package juce-framework/juce before 6.1.5 is vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juceZipFile.cpp. This vulnerability is triggered when the archive is extracted upon calling uncompressTo on a ZipFile object...

CVSS 9.8 | AI score 5.8 | EPSS 0.00738
Exploits: 1 | References: 5
Debian CVE
added 2022/01/31 10:50 a.m. | 19 views

CVE-2021-23521

This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic link is followed outside of the target dir allowing writing arbitrary files on the target host. In...

CVSS 7.8 | AI score 7.8 | EPSS 0.00076
Exploits: 1
Cvelist
added 2022/01/31 10:50 a.m. | 17 views

CVE-2021-23521 Link Following

This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic link is followed outside of the target dir allowing writing arbitrary files on the target host. In...

CVSS 5.5 | AI score 8 | EPSS 0.00076
Exploits: 1 | References: 2
CNNVD
added 2022/01/31 12:0 a.m. | 2 views

Raw Material Software Juce Link Following Vulnerability

Raw Material Software Juce is an open source cross-platform C++ application framework from Raw Material Software, UK. Used to create high quality desktop and mobile applications including Vst, Vst3, Au, Auv3, Rtas and Aax audio plugins. A backlink vulnerability exists in Raw Material Software Juc...

CVSS 7.8 | AI score 7.4 | EPSS 0.00076
Exploits: 1 | References: 3
CNNVD
added 2022/01/31 12:0 a.m. | 2 views

Raw Material Software Juce Path Traversal Vulnerability

Raw Material Software Juce is an open source cross-platform C++ application framework from Raw Material Software, UK. Used to create high quality desktop and mobile applications including Vst, Vst3, Au, Auv3, Rtas and Aax audio plugins. A path traversal vulnerability exists in Raw Material Softwa...

CVSS 9.8 | AI score 8.3 | EPSS 0.00738
Exploits: 1 | References: 4
OpenVAS
added 2021/11/02 12:0 a.m. | 23 views

Python 3.3.x < 3.3.4 RC1 DoS Vulnerability (bpo-20078) - Linux

Python is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:python:python";...

CVSS 7.1 | AI score 5.7 | EPSS 0.0778
Exploits: 1 | References: 2
Packet Storm
added 2021/09/22 12:0 a.m. | 158 views

OpenCats 0.9.4-2 XML Injection

Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection XXE Date: 2021-09-20 Exploit Author: Jake Ruston Vendor Homepage: https://opencats.org Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip Version: w:document...

CVSS 7.5 | AI score 7.6 | EPSS 0.39744
Exploits: 3
RedHat Linux
added 2021/08/03 9:20 a.m. | 2 views

php: Use of freed hash key in the phar_parse_zipfile function

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure...

CVSS 4.8 | AI score 7.3 | EPSS 0.00754
Exploits: 1 | References: 4
NVD
added 2021/05/14 12:15 p.m. | 10 views

CVE-2021-24284

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP...

CVSS 9.8 | EPSS 0.67997
Exploits: 3 | References: 3