1404 matches found
RHEL 8 / 9 : OpenShift Container Platform 4.15.0 (RHSA-2023:7201)
The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7201 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
pillow: Arbitrary Code Execution via the environment parameter
A vulnerability was found in Pillow, a popular Python imaging library. The flaw identified in the PIL.ImageMath.eval function enables arbitrary code execution by manipulating the environment parameter...
CVE-2023-6935
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, a new variation of a timing Bleichenbacher-style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA". The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is n...
CVE-2023-6935 Marvin Attack vulnerability in SP Math All RSA
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, a new variation of a timing Bleichenbacher-style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA". The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is n...
CVE-2023-6935
The CVE-2023-6935 entry concerns wolfSSL SP Math All RSA when built with static RSA (WOLFSSL_STATIC_RSA). The Marvin Attack, a timing Bleichenbacher-style attack variant, can decrypt ciphertexts and forge signatures after many observations. However, the default builds since wolfSSL 3.6.6 disable ...
Important: python-pillow
Issue Overview: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter. CVE-2023-50447 Affected Packages: python-pillow Note: This advisory is applicable to Amaz...
markdown-math-editor (>=1.1.0 <=1.1.3), mse-md2html (>=1.0.0 <=1.0.1) +1 more potentially affected by unknown CVE via remark-images-download (>=0.0.8 <=3.0.5)
remark-images-download NPM version =0.0.8, =1.1.0, =1.0.0, =2.1.8, =12.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-MF74-QQ7W-6J7V...
Exploit for CVE-2024-22890
CVE List CVE-2024-22890: My e-Diary App - Cross-Site-Script...
The vulnerability of the eval() function in the ImageMath module of the Pillow library allows a hacker to execute arbitrary code.
The vulnerability of the eval function in the ImageMath module of the Pillow library relates to improper code generation during the processing of the environment parameter. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
CVE-2024-24136
The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks...
Cross site scripting
The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks...
Math Game with Leaderboard Security Breach
Math Game with Leaderboard is a math game with leaderboards by rems personal developer. A security vulnerability exists in Math Game with Leaderboard version 1.0, which originates from a cross-site scripting (XSS) attack on the Your Name field...
PT-2024-20289 · Unknown · Sourcecodester Math Game With Leaderboard
Name of the Vulnerable Software and Affected Versions: Sourcecodester Math Game with Leaderboard version 1.0 Description: The issue concerns a Cross-Site Scripting (XSS) vulnerability. Specifically, the 'Your Name' field in the Submit Score section is affected. This type of attack occurs whe...
CVE-2024-24136
CVE-2024-24136 affects the Sourcecodester Math Game with Leaderboard (v1.0). The vulnerability is Cross-Site Scripting (XSS) in the Submit Score section, specifically the Your Name field, due to insufficient input sanitization. Public references include PoCs/exploits on GitHub and vendor advisori...