
19 matches found

Snyk
added 2026/03/12 6:33 p.m. · 2 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal due to improper input sanitization in the --python-cell-magics option when constructing cache file names. An attacker can write files to arbitrary locations on the file system by supplying crafted input. Details: A...

8.7 CVSS · 6.3 AI score · 0.00023 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2026/01/16 12:00 a.m. · 4 views

MiracleLinux 7 : fontconfig-2.10.95-10.el7 (AXSA:2016-1121:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-1121:01 advisory. Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications. Security issues fixed with this...

7.8 CVSS · 6.8 AI score · 0.00264 EPSS
Exploits: 0 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-17323

Malware in sbrugna...

8.6 CVSS · 6.9 AI score · 0.06342 EPSS
Exploits: 0 · References: 22
OSV
added 2021/07/15 8:15 p.m. · 1 view

CVE-2021-0281

On Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI), receipt of a specific packet from the RPKI cache server may cause routing process daemon (RPD) to crash and restart, creating a Denial of Service (DoS) condition. Continued receipt...

7.5 CVSS · 7.1 AI score
Exploits: 0 · References: 1
PyPA
added 2021/05/13 11:15 p.m. · 5 views

PYSEC-2021-13

The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the...

9.8 CVSS · 8.1 AI score · 0.16282 EPSS
Exploits: 3 · References: 2 · Affected Software: 1
OSV
added 2020/08/24 6:15 p.m. · 1 view

ALPINE-CVE-2020-24606

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because...

7.5 CVSS · 6.8 AI score · 0.06342 EPSS
Exploits: 0 · References: 1
CNVD
added 2020/03/12 12:00 a.m. · 1 view

WAGO PFC200 Stack Buffer Overflow Vulnerability (CNVD-2020-16852)

The WAGO PFC200 is a programmable logic controller (PLC) from WAGO Germany. A stack buffer overflow vulnerability exists in the iocheckd service 'I/O-Check' function of the WAGO PFC200 03.02.0214. An attacker could exploit this vulnerability via a specially crafted XML cache file to achieve code...

5.5 CVSS · 7.8 AI score · 0.00061 EPSS
Exploits: 1 · References: 1
CNVD
added 2020/03/12 12:00 a.m. · 1 view

WAGO PFC200 Stack Buffer Overflow Vulnerability (CNVD-2020-16850)

The WAGO PFC200 is a programmable logic controller (PLC) from WAGO Germany. A stack buffer overflow vulnerability exists in the iocheckd service 'I/O-Check' function of the WAGO PFC200 03.02.0214. An attacker could exploit this vulnerability via a specially crafted XML cache file to achieve code...

7.8 CVSS · 7.8 AI score · 0.00061 EPSS
Exploits: 1 · References: 1
OSV
added 2016/08/13 1:59 a.m. · 1 view

DEBIAN-CVE-2016-5384

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file...

7.8 CVSS · 6.6 AI score · 0.00264 EPSS
Exploits: 0 · References: 1
Debian CVE
added 2016/08/12 4:00 p.m. · 19 views

CVE-2016-5384

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file...

7.8 CVSS · 6.5 AI score · 0.00264 EPSS
Exploits: 0
CNVD
added 2016/08/10 12:00 a.m. · 1 view

Fontconfig Arbitrary Code Execution Vulnerability

fontconfig is a library of functions that provide system-wide font settings, customization and allow applications to access them. An arbitrary code execution vulnerability exists in fontconfig, which can be exploited to trigger an arbitrary free call, which can lead to a double free attack to...

7.8 CVSS · 8.3 AI score · 0.00264 EPSS
Exploits: 0 · References: 1
OSV
added 2016/08/08 12:00 a.m. · 0 views

UBUNTU-CVE-2016-5384

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file...

7.8 CVSS · 6.1 AI score · 0.00264 EPSS
Exploits: 0 · References: 4
UbuntuCve
added 2016/08/08 12:00 a.m. · 14 views

CVE-2016-5384

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file...

7.8 CVSS · 7 AI score · 0.00264 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2016/08/08 12:00 a.m. · 1 view

PT-2016-6398 · Fontconfig +5

Name of the Vulnerable Software and Affected Versions: fontconfig versions prior to 2.12.1 Description: The issue allows local users to trigger arbitrary free calls and conduct double free attacks, potentially leading to the execution of arbitrary code. This can be achieved via a crafted cache...

7.8 CVSS · 5.7 AI score · 0.00264 EPSS
Exploits: 0 · References: 45
RedHat Linux
added 2014/06/11 5:13 p.m. · 0 views

python-jinja2: FileSystemBytecodeCache insecure cache temporary file use

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...

4.4 CVSS · 7.3 AI score · 0.00096 EPSS
Exploits: 0 · References: 4
OSV
added 2014/05/19 2:55 p.m. · 1 view

DEBIAN-CVE-2014-1402

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...

4.4 CVSS · 7 AI score · 0.00096 EPSS
Exploits: 0 · References: 1
PyPA
added 2014/05/19 2:55 p.m. · 4 views

PYSEC-2014-8

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...

4.4 CVSS · 7 AI score · 0.00096 EPSS
Exploits: 0 · References: 18 · Affected Software: 1
UbuntuCve
added 2014/05/19 12:00 a.m. · 27 views

CVE-2014-1402

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...

4.4 CVSS · 7.2 AI score · 0.00096 EPSS
Exploits: 0 · References: 2
OSV
added 2014/05/19 12:00 a.m. · 0 views

UBUNTU-CVE-2014-1402

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...

4.4 CVSS · 7.2 AI score · 0.00096 EPSS
Exploits: 0 · References: 3