Lucene search

20 matches found

RedhatCVE
added 2025/12/16 12:26 a.m. · 2 views

CVE-2025-65213

MooreThreads torchmusa through all versions contains an unsafe deserialization vulnerability in torchmusa.utils.comparetool. The compareforsingleop and naninftrackforsingleop functions use pickle.load on user-controlled file paths without validation, allowing arbitrary code execution. An attacker...

9.8 CVSS · 8.7 AI score · 0.01104 EPSS
Exploits 1 · References 1
EUVD
added 2025/12/15 9:30 p.m. · 1 views

EUVD-2025-203406

MooreThreads torchmusa through all versions contains an unsafe deserialization vulnerability in torchmusa.utils.comparetool. The compareforsingleop and naninftrackforsingleop functions use pickle.load on user-controlled file paths without validation, allowing arbitrary code execution. An attacker...

9.8 CVSS · 8.2 AI score · 0.01104 EPSS
Exploits 1 · References 2
OSV
added 2025/12/15 7:16 p.m. · 1 views

CVE-2025-65213

MooreThreads torchmusa through all versions contains an unsafe deserialization vulnerability in torchmusa.utils.comparetool. The compareforsingleop and naninftrackforsingleop functions use pickle.load on user-controlled file paths without validation, allowing arbitrary code execution. An attacker...

9.8 CVSS · 6.7 AI score · 0.01104 EPSS
Exploits 1 · References 1
Cvelist
added 2025/12/15 12:0 a.m. · 15 views

CVE-2025-65213

MooreThreads torchmusa through all versions contains an unsafe deserialization vulnerability in torchmusa.utils.comparetool. The compareforsingleop and naninftrackforsingleop functions use pickle.load on user-controlled file paths without validation, allowing arbitrary code execution. An attacker...

0.01104 EPSS
Exploits 1 · References 1
CNNVD
added 2025/12/15 12:0 a.m. · 2 views

torch_musa security vulnerability

torchmusa is an open source repository open-sourced by Moore Threads Corporation. A security vulnerability exists in torchmusa, which stems from unsafe deserialization in torchmusa.utils.comparetool that could lead to the execution of arbitrary code...

9.8 CVSS · 7 AI score · 0.01104 EPSS
Exploits 1 · References 2
Vulnrichment
added 2025/12/15 12:0 a.m. · 1 views

CVE-2025-65213

MooreThreads torchmusa through all versions contains an unsafe deserialization vulnerability in torchmusa.utils.comparetool. The compareforsingleop and naninftrackforsingleop functions use pickle.load on user-controlled file paths without validation, allowing arbitrary code execution. An attacker...

8.4 AI score · 0.01104 EPSS
Exploits 1 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-36383

Malicious code in bioql PyPI...

6.1 CVSS · 6.4 AI score · 0.00204 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2025/08/27 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-43113

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command...

9.8 CVSS · 7.1 AI score · 0.03472 EPSS
Exploits 1 · References 2
RedhatCVE
added 2025/05/23 5:11 a.m. · 2 views

CVE-2023-32115

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system...

6.1 CVSS · 6.5 AI score · 0.00204 EPSS
Exploits 0 · References 1
OSV
added 2023/06/13 3:15 a.m. · 0 views

CVE-2023-32115

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system...

6.1 CVSS · 5.9 AI score · 0.00204 EPSS
Exploits 0 · References 2
NVD
added 2023/06/13 3:15 a.m. · 7 views

CVE-2023-32115

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system...

6.1 CVSS · 4.7 AI score · 0.00204 EPSS
Exploits 0 · References 2
CVE
added 2023/06/13 2:42 a.m. · 32 views

CVE-2023-32115

CVE-2023-32115 affects SAP MDS COMPARE TOOL, where an attacker can use specially crafted inputs to trigger a SQL injection in MDS COMPARE TOOL, allowing reading and modifying database commands and exposing additional persisted information. The issue is documented across multiple feeds (NVD, Red H...

6.1 CVSS · 5 AI score · 0.00204 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/06/13 2:42 a.m. · 15 views

CVE-2023-32115 SQL Injection in Master Data Synchronization (MDS COMPARE TOOL)

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system...

4.2 CVSS · 6.3 AI score · 0.00204 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/06/13 2:42 a.m. · 11 views

CVE-2023-32115 SQL Injection in Master Data Synchronization (MDS COMPARE TOOL)

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system...

4.2 CVSS · 6.8 AI score · 0.00204 EPSS
Exploits 0 · References 2
SUSE CVE
added 2023/02/15 3:37 a.m. · 1 views

SUSE CVE-2021-43113

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java...

9.8 CVSS · 8.7 AI score · 0.03472 EPSS
Exploits 1 · References 2
OSV
added 2021/12/16 12:2 a.m. · 1 views

GHSA-GV87-Q66H-4277 Command injection in itext7-core

iTextPDF in iText before 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java...

9.8 CVSS · 7.1 AI score · 0.03472 EPSS
Exploits 1 · References 7
Snyk
added 2021/12/15 1:37 p.m. · 2 views

Command Injection

Overview com.itextpdf:itextpdf is a software developer toolkit that allows users to integrate PDF functionalities within their applications, processes or products. Affected versions of this package are vulnerable to Command Injection. An attacker controlling the filename passed to the CompareTool...

9.8 CVSS · 7.3 AI score · 0.03472 EPSS
Exploits 1 · References 2
Positive Technologies
added 2021/12/15 12:0 a.m. · 1 views

PT-2021-23745 · Unknown +1 · Ghostscript +1

Name of the Vulnerable Software and Affected Versions: iText versions prior to 7.1.17 Description: The issue allows command injection via a CompareTool filename that is mishandled on the gs aka Ghostscript command line in GhostscriptHelper.java. This can occur when a malicious filename is provide...

9.8 CVSS · 8.8 AI score · 0.03472 EPSS
Exploits 1 · References 24
Microsoft KB
added 2019/10/30 12:0 a.m. · 4 views

January 2, 2019, update for Office 2016 (KB4461435)

January 2, 2019, update for Office 2016 KB4461435 This article describes update 4461435 for Microsoft Office 2016 that was released on January 2, 2019. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply t...

6.3 AI score
Exploits 0
OpenVAS
added 2019/01/21 12:0 a.m. · 56 views

Rockwell Automation Logix Designer Compare Tool Detection (Windows SMB Login)

SMB login-based detection of Rockwell Automation Logix Designer Compare Tool. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1 AI score
Exploits 0 · References 1