28 matches found
CVE-2025-61514
An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2025-61514
CVE-2025-61514 affects SageMath, Inc. CoCalc prior to the fix commit 0d2ff58, where an attacker can upload a crafted SVG file to achieve arbitrary code execution. The issue is triggered by an arbitrary file upload vulnerability in the CoCalc front-end/back-end stack, enabling code execution on th...
EUVD-2023-33034
Malicious code in bioql PyPI...
CVE-2019-17526
An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet-facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an __import__('os').popen('whoami').read...
CVE-2023-29465
SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which, for example, allows a local user to overwrite files with the privileges of a different user who is running FlintQS...
Design/Logic Flaw
SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which, for example, allows a local user to overwrite files with the privileges of a different user who is running FlintQS...
UBUNTU-CVE-2023-29465
SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which, for example, allows a local user to overwrite files with the privileges of a different user who is running FlintQS...
CVE-2023-29465
SageMath FlintQS 1.0 is affected by CVE-2023-29465 due to reliance on TMPDIR pathnames that are typically world-writable. This can allow a local user to overwrite files with the privileges of the user running FlintQS. There is no exploitation detail in the provided documents. MITRE/ATT&CK mapping...
Sagemath 9.0 Overflow / Denial Of Service Exploit
SageMath 9.0 and reportedly later on Ubuntu 20. SageMath gives access to the Python interpreter, so code execution is trivial. We give DoS attacks, which terminate the SageMath process with abort, when raising a symbolic expression to a large integer power. We get abort with stack: gmp: overflow in...
Sagemath 9.0 Overflow / Denial Of Service
SageMath 9.0 and reportedly later on Ubuntu 20. SageMath gives access to the Python interpreter, so code execution is trivial. We give DoS attacks, which terminate the SageMath process with abort, when raising a symbolic expression to a large integer power. We get abort with stack: gmp: overflow in...
SageMath Sage Cell Server Operating System Command Injection Vulnerability
SageMath Sage Cell Server is a Cell Server that provides a way to embed Sage calculations into web pages. An operating system command injection vulnerability exists in SageMath Sage Cell Server versions 2019-10-05 and earlier, which can be exploited by an attacker to execute arbitrary commands on...
Code injection
DISPUTED: An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet-facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an...