Lucene search
+L

106 matches found

Cvelist
Cvelist
added 2024/02/21 4:13 p.m.37 views

CVE-2024-23346 pymatgen arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string

Pymatgen Python Materials Genomics is an open-source Python library for materials analysis. A critical security vulnerability exists in the JonesFaithfulTransformation.fromtransformationstr method within the pymatgen library prior to version 2024.2.20. This method insecurely utilizes eval for...

9.3CVSS9.7AI score0.03816EPSS
Exploits8References3
CVE
CVE
added 2024/02/21 4:13 p.m.305 views

CVE-2024-23346

CVE-2024-23346 affects pymatgen: the JonesFaithfulTransformation.from_transformation_str() method insecurely uses eval() on untrusted input, enabling arbitrary code execution during CIF parsing. This is tied to a vulnerability in the CIF parser path and is documented as a critical issue with a fi...

9.3CVSS9.4AI score0.03816EPSS
Exploits8References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/21 4:13 p.m.45 views

CVE-2024-23346 pymatgen arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string

Pymatgen Python Materials Genomics is an open-source Python library for materials analysis. A critical security vulnerability exists in the JonesFaithfulTransformation.fromtransformationstr method within the pymatgen library prior to version 2024.2.20. This method insecurely utilizes eval for...

9.3CVSS7.4AI score0.03816EPSS
Exploits8References3
NVD
NVD
added 2023/06/23 10:15 p.m.48 views

CVE-2023-35932

jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lea...

8.8CVSS8AI score0.01841EPSS
Exploits0References2
Prion
Prion
added 2023/06/23 10:15 p.m.21 views

Command injection

jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lea...

6.5CVSS9.2AI score0.01841EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/06 12:0 a.m.27 views

Server-Side Request Forgery in scout-browser

Pypi package scout-browser GitHub repository clinical-genomics/scout prior to v4.52 is vulnerable to server-side request forgery. An attacker could make the application perform arbitrary requests to steal cookies, request access to private areas, or lead to cross-site scripting...

9.4CVSS2.2AI score0.01095EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2022/05/06 12:0 a.m.21 views

GHSA-G53G-Q539-93CV Server-Side Request Forgery in scout-browser

Pypi package scout-browser GitHub repository clinical-genomics/scout prior to v4.52 is vulnerable to server-side request forgery. An attacker could make the application perform arbitrary requests to steal cookies, request access to private areas, or lead to cross-site scripting...

8.2CVSS7.8AI score0.01095EPSS
Exploits1References6
Prion
Prion
added 2022/05/05 11:15 a.m.12 views

Server side request forgery (ssrf)

Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...

6.4CVSS8.2AI score0.01095EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/05/05 10:20 a.m.28 views

CVE-2022-1592 Server-Side Request Forgery in scout in clinical-genomics/scout

Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...

9.4CVSS8.5AI score0.01095EPSS
Exploits1References2
CVE
CVE
added 2022/05/05 10:20 a.m.90 views

CVE-2022-1592

CVE-2022-1592 corresponds to a Server-Side Request Forgery in the Scout component of the clinical-genomics/scout project, affecting versions prior to v4.42. The vulnerability arises in the Scout SSRF surface, enabling an attacker to cause the application to perform arbitrary requests, potentially...

9.4CVSS8.3AI score0.01095EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/05/05 10:20 a.m.18 views

CVE-2022-1592 Server-Side Request Forgery in scout in clinical-genomics/scout

Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...

9.4CVSS9AI score0.01095EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/05/05 12:0 a.m.6 views

Clinical-Genomics Scout 代码问题漏洞

Scout is a platform for analyzing VCFs and enabling collaboration to solve rare diseases faster. A security vulnerability exists in Clinical-Genomics Scout versions prior to 4.42 that stems from the presence of server-side request forgery in the application. An attacker exploiting this...

9.4CVSS8.1AI score0.01095EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/05/03 9:15 a.m.5 views

CVE-2022-1554

Path Traversal due to sendfile call in GitHub repository clinical-genomics/scout prior to 4.52...

7.5CVSS6.8AI score0.01296EPSS
Exploits1References3
NVD
NVD
added 2022/05/03 9:15 a.m.19 views

CVE-2022-1554

Path Traversal due to sendfile call in GitHub repository clinical-genomics/scout prior to 4.52...

7.5CVSS0.01296EPSS
Exploits1References2
Prion
Prion
added 2022/05/03 9:15 a.m.11 views

Path traversal

Path Traversal due to sendfile call in GitHub repository clinical-genomics/scout prior to 4.52...

5CVSS7.5AI score0.01296EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/05/03 8:20 a.m.99 views

CVE-2022-1554

CVE-2022-1554 affects the Python package scout (clinical-genomics/scout) prior to version 4.52. The underlying issue is a path traversal vulnerability caused by a send_file/end_file usage, exposing potential unauthorized access to files. Exploitation or real-world details are not provided in the ...

7.5CVSS7AI score0.01296EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/05/03 8:20 a.m.7 views

CVE-2022-1554 Path Traversal due to `send_file` call in clinical-genomics/scout

Path Traversal due to sendfile call in GitHub repository clinical-genomics/scout prior to 4.52...

6.8CVSS6.8AI score0.01296EPSS
Exploits1References4
CNVD
CNVD
added 2021/12/19 12:0 a.m.41 views

CbioPortal Denial of Service Vulnerability

CbioPortal is used to provide visualization, analysis, and download of large-scale cancer genomics datasets. a denial-of-service vulnerability exists in CbioPortal in versions 3.6.21 and earlier, which stems from the insecure handling of regular expressions in /ProteinArraySignificanceTest.json,...

7.5CVSS5.2AI score0.0118EPSS
Exploits1References1
CNVD
CNVD
added 2019/09/02 12:0 a.m.3 views

Clara Genomics Analysis Integer Overflow Vulnerability

Clara Genomics Analysis is an open source software package for biological sequence analysis. An integer overflow vulnerability exists in Clara Genomics Analysis versions prior to 0.2.0. The vulnerability stems from a networked system or product that does not properly validate incoming data. No...

9.8CVSS7.1AI score0.01846EPSS
Exploits0References1
NVD
NVD
added 2019/08/29 1:15 p.m.14 views

CVE-2019-15788

Clara Genomics Analysis before 0.2.0 has an integer overflow for cudapoa memory management in allocateblock.cpp...

9.8CVSS9.7AI score0.01846EPSS
Exploits0References2
Rows per page
Query Builder