Lucene search
K

50 matches found

cnnvd
cnnvd
•added 2024/03/19 12:0 a.m.•3 views

Python Security Vulnerabilities

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and earlier versions, which...

7.8CVSS6.8AI score0.00313EPSS
Exploits0References16
redhatcve
redhatcve
•added 2024/02/14 8:32 p.m.•58 views

CVE-2023-6516

A flaw was found in the named application, part of the bind9 package, which uses a cache database to speeds up DNS queries. To maintain its efficiency when running as a recursive name resolver, named performs a cache database clean up under certain conditions. This issue may allow an attacker to...

7.5CVSS6.9AI score0.01097EPSS
Exploits0References4
osv
osv
•added 2024/02/14 12:35 a.m.•16 views

GHSA-84XV-JFRM-H4GM registry-support: decompress can delete files outside scope via relative paths

A vulnerability was found in the decompression function of registry-support. This issue can be triggered by an unauthenticated remote attacker when tricking a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files...

8CVSS8.4AI score0.00942EPSS
Exploits0References7
github
github
•added 2024/02/14 12:35 a.m.•34 views

registry-support: decompress can delete files outside scope via relative paths

A vulnerability was found in the decompression function of registry-support. This issue can be triggered by an unauthenticated remote attacker when tricking a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files...

9.3CVSS7.8AI score0.00942EPSS
Exploits0References6Affected Software1
redhatcve
redhatcve
•added 2024/02/13 10:34 p.m.•16 views

CVE-2024-1485

A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the parent or plugin keywords. This could download a malicious archive and cause the cleanup process to overwrite o...

8CVSS7.8AI score0.00942EPSS
Exploits0References6
prion
prion
•added 2023/10/25 6:17 p.m.•20 views

Design/Logic Flaw

Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller...

5.5CVSS8.1AI score0.0135EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
•added 2023/10/25 1:45 p.m.•15 views

CVE-2023-46654

Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller...

7.1AI score0.0135EPSS
Exploits0References2
cvelist
cvelist
•added 2023/10/25 1:45 p.m.•37 views

CVE-2023-46654

Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller...

8.3AI score0.0135EPSS
Exploits0References2
osv
osv
•added 2023/08/16 7:15 p.m.•2 views

UBUNTU-CVE-2023-4387

A use-after-free flaw was found in vmxnet3rqallocrxbuf in drivers/net/vmxnet3/vmxnet3drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3rqcleanupall, which could also lead to ...

7.1CVSS6.2AI score0.00245EPSS
Exploits0References6
redhat
redhat
•added 2022/11/01 2:20 p.m.•5 views

hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR)

A flaw was found in hw. Incomplete cleanup of multi-core shared buffers for some IntelĀ® Processors may allow an authenticated user to enable information disclosure via local access...

5.5CVSS6.5AI score0.06283EPSS
Exploits0References5
Rows per page
Query Builder