75 matches found
PT-2024-41432 · Crates.Io · Wasmtime-Jit-Debug
The unsound function dump code load record uses from raw parts to directly convert the pointer addr and len into a slice without any validation and that memory block would be dumped. Thus, the 'safe' function dump code load record is actually 'unsafe' since it requires the caller to guarantee tha...
CVE-2024-39331
A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments. Mitigation Do not open Org mode files or...
CVE-2024-39331
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...
AZL-42868 CVE-2024-39331 affecting package emacs for versions less than 29.4-1
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...
DEBIAN-CVE-2024-39331
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...
CVE-2024-39331
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...
CVE-2024-39331
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...
CVE-2024-39331
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...
CVE-2024-39331
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...
CVE-2024-39331
CVE-2024-39331 affects Emacs (Org Mode), where org-link-expand-abbrev can execute unsafe Elisp via a %(...) link abbrev. This occurs in Emacs before 29.4 and Org Mode before 9.7.5, due to evaluating unsafe functions (e.g., shell-command-to-string) during link expansion. The CVSS/impact in the pri...
PT-2024-24341 · Mealie · Mealie
Name of the Vulnerable Software and Affected Versions: Mealie versions prior to 1.4.0 Description: The issue concerns the safe scrape html function, which uses a user-controlled URL to issue a request to a remote server. This function does not restrict the URL that can be provided, allowing an...
BIT-NODE-2022-21824
Due to the formatting logic of the "console.table" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "proto". The prototype pollution has...
CVE-2023-42799 Buffer overflow due to use of `strcpy` in `parseUrlAddrFromRtspUrlString`
Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious ga...
`out_reference::Out::from_raw` should be `unsafe`
Out::fromraw in affected versions allows writing a value to invalid memory address without requiring unsafe. The soundness issue has been addressed by making Out::fromraw an unsafe function...
Multiple vulnerabilities in PostgreSQL extension module pg_ivm
Overview pgivm provided by IVM Development Group is a PostgreSQL extension module that provides incremental view maintenance functionality of materialized views. pgivm contains multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2023-228...
CVE-2020-13091
pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the readpickle function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the readpickle function is documented as unsafe and it is the user's responsibility to use...
Relies on undefined behavior of `char::from_u32_unchecked`
The Windows implementation of this crate relied on the behavior of std::char::fromu32unchecked when its safety clause is violated. Even though this worked with Rust versions up to 1.42 at least, that behavior could change with any new Rust version, possibly leading a security issue. The flaw was...
modulemd uses an unsafe function for processing externally provided data
modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution...
CVE-2017-1002157
modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution...
CVE-2017-1002157
CVE-2017-1002157 affects modulemd 1.3.1 and earlier. Root cause: an unsafe function used to process externally provided data, enabling remote code execution. Impact: remote code execution on vulnerable deployments. Affected versions are 1.3.1 and earlier. Remediation: upgrade to modulemd 1.3.2 or...