15 matches found
Mageia: Security Advisory (MGASA-2018-0059)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-13091
pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the readpickle function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the readpickle function is documented as unsafe and it is the user's responsibility to use...
GHSA-CF3C-FFFP-34QH conference-scheduler-cli Arbitrary Code Execution
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
conference-scheduler-cli Arbitrary Code Execution
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
CVE-2018-14572
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
CVE-2018-14572
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
PYSEC-2018-64
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
Design/Logic Flaw
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
CVE-2018-14572
CVE-2018-14572 affects the conference-scheduler-cli package, where a pickle.load on imported data enables an attacker to execute arbitrary code via a crafted .pickle file that contains an os.system call. The underlying vulnerability is unsafe Python object deserialization in conference-scheduler-...
CVE-2018-14572
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
CVE-2018-7889
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
CVE-2018-7889
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
CVE-2018-7889
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
CVE-2018-7889
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
Back In Time: Command injection
Background A simple backup tool for Linux, inspired by “flyback project”. Description ‘Back in Time’ did improper escaping/quoting of file paths used as arguments to the ‘notify-send’ command leading to some parts of file paths being executed as shell commands within an os.system call. Impact A...