Lucene search
+L

52 matches found

osv
osv
added last week1 views

SUSE-SU-2026:2832-1 Security update for rustup

This update for rustup fixes the following issues Security issues: - CVE-2024-12224: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded bsc1243862. - CVE-2025-58160: tracing-subscriber: Tracing log pollution bsc1249008. - CVE-2026-41676: openssl: Deriver:derive and...

9.8CVSS7.1AI score0.00412EPSS
Exploits1References23
osv
osv
added 2026/06/18 7:10 a.m.4 views

SUSE-SU-2026:2441-1 Security update for rustup

This update for rustup fixes the following issues - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257902. - rust-shlex: Multiple issues involving quote API RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27 bsc1230032...

6.8CVSS5.9AI score0.00291EPSS
Exploits0References4
snyk
snyk
added 2026/05/24 7:45 a.m.8 views

Arbitrary Argument Injection

Overview prefect is a Prefect is a new workflow management system, designed for modern infrastructure and powered by the open-source Prefect Core workflow engine. Users organize Tasks into Flows, and Prefect takes care of the rest. Affected versions of this package are vulnerable to Arbitrary...

8.5CVSS7.8AI score0.00298EPSS
Exploits0References2
cve
cve
added 2026/05/07 6:19 p.m.24 views

CVE-2026-42284

GitPython (Python Git library) is affected by CVE-2026-42284 due to unsafe handling of multi_options in _clone() before 3.1.47. The code validates multi_options as the original list, then performs shlex.split(" ".join(multi_options)), which can allow a crafted string like "--branch main --config ...

9.8CVSS5.7AI score0.00571EPSS
Exploits1References3Affected Software1
osv
osv
added 2026/05/07 6:19 p.m.4 views

CVE-2026-42284 GitPython: Unsafe option check validates multi_options before shlex.split transforms it

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, clone validates multioptions as the original list, then executes shlex.split" ".joinmultioptions. A string like "--branch main --config core.hooksPath=/x" passes validation starts with --branch, but aft...

8.1CVSS7.1AI score0.00571EPSS
Exploits1References5
cnnvd
cnnvd
added 2026/05/07 12:0 a.m.13 views

GitPython 参数注入漏洞

GitPython is a Python library developed by gitpython-developers, designed for interacting with Git repositories. Versions of GitPython prior to 3.1.47 contained a parameter injection vulnerability. This vulnerability stemmed from the use of clone to validate multioptions, followed by the executio...

9.8CVSS6AI score0.00571EPSS
Exploits1References1
osv
osv
added 2026/04/25 11:41 p.m.6 views

GHSA-X2QX-6953-8485 GitPython: Unsafe option check validates multi_options before shlex.split transformation

Summary clone validates multioptions as the original list, then executes shlex.split" ".joinmultioptions. A string like "--branch main --config core.hooksPath=/x" passes validation starts with --branch, but after split becomes "--branch", "main", "--config", "core.hooksPath=/x". Git applies the...

8.1CVSS6AI score0.00571EPSS
Exploits1References5
github
github
added 2026/04/25 11:41 p.m.10 views

GitPython: Unsafe option check validates multi_options before shlex.split transformation

Summary clone validates multioptions as the original list, then executes shlex.split" ".joinmultioptions. A string like "--branch main --config core.hooksPath=/x" passes validation starts with --branch, but after split becomes "--branch", "main", "--config", "core.hooksPath=/x". Git applies the...

9.8CVSS5.6AI score0.00571EPSS
Exploits1References5Affected Software1
redhatcve
redhatcve
added 2026/04/06 10:57 a.m.4 views

CVE-2026-34935

PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split and forwarded through the call chain to anyio.openprocess with no validation, allowlist check, or sanitization at any hop, allowing arbitrary OS command...

9.8CVSS6.1AI score0.00824EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/03/04 12:0 a.m.4 views

CVE-2026-26514

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags e.g., -w, -q via the q parameter. This can be exploited to cause a Denial of Service D...

7.5CVSS6.1AI score0.00388EPSS
Exploits1References3
cve
cve
added 2026/03/04 12:0 a.m.46 views

CVE-2026-26514

CVE-2026-26514 affects bird-lg-go prior to commit 6187a4e3afce6d8c29568f8c72ca497d1f5a2b56. The traceroute module parses user input with shlex.Split without validation, enabling an attacker to inject arbitrary flags (e.g., -w, -q) via the q parameter. This can lead to Denial of Service (DoS) by e...

7.5CVSS6.1AI score0.00388EPSS
Exploits1References2Affected Software1
osv
osv
added 2026/03/04 12:0 a.m.6 views

CVE-2026-26514

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags e.g., -w, -q via the q parameter. This can be exploited to cause a Denial of Service D...

7.5CVSS5.9AI score0.00388EPSS
Exploits1References4
suse
suse
added 2025/10/14 1:21 p.m.5 views

Security update for rust-keylime

This update for rust-keylime fixes the following issues: CVE-2025-55159: slab: incorrect bounds check in getdisjointmut function can lead to undefined behavior or potential crash due to out-of-bounds access bsc1248006 CVE-2025-3416: openssl: Use-After-Free in Md::fetch and Cipher::fetch in...

6.5CVSS7.1AI score0.0078EPSS
Exploits1References22
nessus
nessus
added 2025/10/08 12:0 a.m.1 views

SLED15 / SLES15 Security Update : gstreamer-plugins-rs (SUSE-SU-2025:03459-1)

The remote openSUSE host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:03459-1 advisory. - Update crate shlex to 1.3.0: RUSTSEC-2024-0006: Fixed multiple issues involving quote API bsc1230028 Tenable has extracted the preceding description block...

5.6AI score
Exploits0References2
suse
suse
added 2025/10/07 7:35 a.m.5 views

Security update for gstreamer-plugins-rs

This update for gstreamer-plugins-rs fixes the following issues: Update crate shlex to 1.3.0: RUSTSEC-2024-0006: Fixed multiple issues involving quote API bsc1230028 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

7.2AI score
Exploits0References2
osv
osv
added 2025/10/07 7:35 a.m.4 views

SUSE-SU-2025:03459-1 Security update for gstreamer-plugins-rs

This update for gstreamer-plugins-rs fixes the following issues: - Update crate shlex to 1.3.0: RUSTSEC-2024-0006: Fixed multiple issues involving quote API bsc1230028...

7.1AI score
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-29427

Malicious code in bioql PyPI...

9.8CVSS6.3AI score0.0078EPSS
Exploits0References5
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-54826

Malicious code in bioql PyPI...

9.8CVSS6.3AI score0.0078EPSS
Exploits0References3
osv
osv
added 2025/09/16 7:50 a.m.6 views

SUSE-SU-2025:20717-1 Security update for rust-keylime

This update for rust-keylime fixes the following issues: - Update vendored crate slab to version 0.4.11 CVE-2025-55159: Fixed incorrect bounds check in getdisjointmut function leading to undefined behavior or potential crash due to out-of-bounds access bsc1248006 - Update to version 0.2.8+12:...

9.8CVSS6AI score0.0078EPSS
Exploits0References7
suse
suse
added 2025/09/16 7:49 a.m.7 views

Security update for rust-keylime

This update for rust-keylime fixes the following issues: Update vendored crate slab to version 0.4.11 CVE-2025-55159: Fixed incorrect bounds check in getdisjointmut function leading to undefined behavior or potential crash due to out-of-bounds access bsc1248006 Update to version 0.2.8+12:...

6.3CVSS7.6AI score0.0078EPSS
Exploits0References12
Rows per page
Query Builder