Lucene search
K

56 matches found

Cvelist
Cvelist
added 2022/11/06 12:0 a.m.36 views

CVE-2022-42919

Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network...

8.2AI score0.00625EPSS
Exploits0References14
Debian CVE
Debian CVE
added 2022/11/06 12:0 a.m.106 views

CVE-2022-42919

Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network...

7.8CVSS7.7AI score0.00625EPSS
Exploits0
OSV
OSV
added 2022/11/06 12:0 a.m.33 views

PSF-2022-9 Linux specific local privilege escalation via the multiprocessing forkserver start method

Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network...

7.8CVSS8AI score0.00625EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/11/03 12:0 a.m.32 views

Ubuntu 22.04 LTS : Python vulnerability (USN-5713-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5713-1 advisory. Devin Jeanpierre discovered that Python incorrectly handled sockets when the multiprocessing module was being used. A local attacker could possibly use this issue...

7.8CVSS7.9AI score0.00625EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2022/10/31 4:25 a.m.42 views

CVE-2022-42919

A vulnerability found in Python. The flaw occurs when used with the forkserver start method on Linux. The Python multiprocessing library allows Python pickles to be deserialized from any user in the same machine's local network namespace in many system configurations, which means any user on the...

7.8CVSS8AI score0.00625EPSS
Exploits0References4
OSV
OSV
added 2022/05/01 6:36 p.m.14 views

GHSA-HF26-VVMX-X8C8 Plone Arbitrary Code Execution via Unsafe Handling of Pickles

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the 1 statusmessages or 2 linkintegrity module, which the module unpickles and executes...

9.8CVSS7.2AI score0.02187EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2022/05/01 6:36 p.m.34 views

Plone Arbitrary Code Execution via Unsafe Handling of Pickles

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the 1 statusmessages or 2 linkintegrity module, which the module unpickles and executes...

7.5CVSS7.8AI score0.02187EPSS
Exploits0References9Affected Software1
exploitpack
exploitpack
added 2019/10/15 12:0 a.m.34 views

Podman Varlink 1.5.1 - Remote Code Execution

Podman Varlink 1.5.1 - Remote Code Execution Exploit Title: Podman & Varlink 1.5.1 - Remote Code Execution Exploit Author: Jeremy Brown Date: 2019-10-15 Vendor Homepage: https://podman.io/ Software Link: dnf install podman or https://github.com/containers/libpod/releases Version: 1.5.1 Tested on:...

0.3AI score
Exploits0
Kitploit
Kitploit
added 2019/08/17 1:0 p.m.359 views

Firmware Slap - Discovering Vulnerabilities In Firmware Through Concolic Analysis And Function Clustering

Firmware slap combines concolic analysis with function clustering for vulnerability discovery and function similarity in firmware. Firmware slap is built as a series of libraries and exports most information as either pickles or JSON for integration with other tools. Slides from the talk can be...

8.4AI score
Exploits0References1
Hacker One
Hacker One
added 2018/06/03 1:37 p.m.38 views

Liberapay: Unsafe deserialization in Libera Pay allows to escalate a SQL injection to Remote Command Execution

Hello. There isn't a direct vulnerability, however a SQL injection would easily be escalated to a Remote Code Execution. I can't directly exploit it due to the restriction on team names it does not accept hexdecimal values. I, however, submit this issue in advance and will attempt to escalate thi...

1.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/02/21 9:35 p.m.8 views

pickles.com.au XSS vulnerability

Open Bug Bounty ID: OBB-565177 Description| Value ---|--- Affected Website:| pickles.com.au Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/11/12 12:0 a.m.21 views

FreeBSD : plone -- unsafe data interpreted as pickles (ffba6ab0-90b5-11dc-9835-003048705d5a)

Plone projectreports : This hotfix corrects a vulnerability in the statusmessages and linkintegrity modules, where unsafe network data was interpreted as python pickles. This allows an attacker to run arbitrary python code within the Zope/Plone process. %NASLMINLEVEL 70300 C Tenable Network...

7.5CVSS5.6AI score0.02187EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2007/11/06 12:0 a.m.33 views

plone -- unsafe data interpreted as pickles

Plone projectreports: This hotfix corrects a vulnerability in the statusmessages and linkintegrity modules, where unsafe network data was interpreted as python pickles. This allows an attacker to run arbitrary python code within the Zope/Plone process...

7.5CVSS6.6AI score0.02187EPSS
Exploits0
securityvulns
securityvulns
added 2005/09/18 12:0 a.m.35 views

p2play game engine code execution

It's possiblt to execute code thorugh object pickles...

2.2AI score
Exploits0References1Affected Software1
Gentoo Linux
Gentoo Linux
added 2005/09/17 12:0 a.m.51 views

Py2Play: Remote execution of arbitrary Python code

Background Py2Play is a peer-to-peer network game engine written in Python. Pickling is a Python feature allowing to serialize Python objects into string representations called pickles that can be sent over the network. Description Arc Riley discovered that Py2Play uses Python pickles to send...

7.5CVSS6.8AI score0.0189EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/09/17 12:0 a.m.15 views

GLSA-200509-09 : Py2Play: Remote execution of arbitrary Python code

The remote host is affected by the vulnerability described in GLSA-200509-09 Py2Play: Remote execution of arbitrary Python code Arc Riley discovered that Py2Play uses Python pickles to send objects over a peer-to-peer game network, and that clients accept without restriction the objects and code...

7.5CVSS6.2AI score0.0189EPSS
Exploits0References2
Rows per page
Query Builder