19 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-49687

Malicious code in bioql PyPI...

CVSS 7.3, AI score 6.3, EPSS 0.00136
Exploits: 1, References: 7

Amazon
added 2025/05/13 12:0 a.m., 2 views

Important: sqlite

Issue Overview: SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. CVE-2022-46908
Affected Packages: sqlite
Issue Correction: Run dn...

CVSS 7.3, AI score 7, EPSS 0.00136
Exploits: 1

OSV
added 2024/12/30 4:52 p.m., 3 views

GHSA-GV7F-5QQH-VXFX xous has unsound usages of `core::slice::from_raw_parts`

We consider `as_slice` and `as_slice_mut` unsound because: the pointer with any bit patterns could be cast to the slice of arbitrary types. The pointer could be created by unsafe new and deprecated `from_parts`. We consider that `from_parts` should be removed in latest version because it will help trigger...

AI score 7.2
Exploits: 0, References: 4

OSV
added 2024/12/23 12:0 p.m., 4 views

RUSTSEC-2024-0431 Unsound usages of `core::slice::from_raw_parts`

We consider `as_slice` and `as_slice_mut` unsound because: the pointer with any bit patterns could be cast to the slice of arbitrary types. The pointer could be created by unsafe new and deprecated `from_parts`. We consider that `from_parts` should be removed in latest version because it will help trigger...

AI score 7.2
Exploits: 0, References: 4

Metasploit
added 2024/12/19 7:0 p.m., 731 views

GameOver(lay) Privilege Escalation and Container Escape

This module exploits the use of unsafe functions in a number of Ubuntu kernels utilizing vulnerable versions of overlayfs. To mitigate CVE-2021-3493 the Linux kernel added a call to vfs_setxattr during ovl_do_setxattr. Due to independent changes to the kernel by the Ubuntu development team...

CVSS 8.8, AI score 7.1, EPSS 0.92504
Exploits: 40

OSV
added 2024/10/14 7:42 p.m., 2 views

CLSA-2024-1728934930 emacs: Fix of CVE-2024-39331

CVE-2024-39331: do not expand link abbrevs that contain unsafe function...

CVSS 9.8, AI score 7.2, EPSS 0.00488
Exploits: 0, References: 1

Gentoo Linux
added 2024/09/22 12:0 a.m., 13 views

Emacs, org-mode: Command Execution Vulnerability

Background: Emacs is the extensible, customizable, self-documenting real-time display editor. org-mode is an Emacs mode for notes and project planning.
Description: %... link abbreviations could specify unsafe functions.
Impact: Opening a malicious org-mode file could result in arbitrary code...

CVSS 9.8, AI score 7.7, EPSS 0.00488
Exploits: 0

CNVD
added 2024/06/28 12:0 a.m., 1 views

Unspecified Vulnerability in GNU Emacs

GNU Emacs is a family of text editors in the American GNU community. GNU Emacs suffers from a security vulnerability that stems from specifying unsafe functions. No details of the vulnerability are provided at this time...

CVSS 9.8, AI score 8.2, EPSS 0.00488
Exploits: 0, References: 1

OSV
added 2023/09/04 6:15 p.m., 13 views

PYSEC-2023-167

Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right: `unsafe_add`, `unsafe_sub`, `unsafe_mul`, `unsafe_div`, `pow_mod256`, `|`, `&`, `^` (bitwise operators), `bitwise_or` (deprecated),...

CVSS 5.3, AI score 6.7, EPSS 0.00091
Exploits: 1, References: 1

Prion
added 2023/06/14 10:15 p.m., 12 views

Remote code execution

Grav is a file-based Web platform. Prior to version 1.7.42, there is a logic flaw in the GravExtension.filterFilter function whereby validation against a denylist of unsafe functions is only performed when the argument passed to filter is a string. However, passing an array as a callable argument...

CVSS 5.8, AI score 7.1, EPSS 0.00529
Exploits: 1, References: 4, Affected Software: 1

BDU FSTEC
added 2020/01/13 12:0 a.m., 1 views

The vulnerability of Siemens S7-1200 microprogramming software lies in the presence of unsafe functions during physical connection via the UART interface. This allows attackers to obtain additional diagnostic information during the device loading process.

The vulnerability of Siemens S7-1200 microprogramming software is related to the presence of unsafe functions during physical connection via the UART interface. Exploiting this vulnerability can allow an attacker to obtain additional diagnostic information during the device loading process...

CVSS 6.8, AI score 6.6, EPSS 0.00145
Exploits: 0, References: 3

OSV
added 2019/06/15 12:0 p.m., 23 views

RUSTSEC-2019-0006 Buffer overflow and format vulnerabilities in functions exposed without unsafe

ncurses exposes functions from the ncurses library which:
- Pass buffers without length to C functions that may write an arbitrary amount of data, leading to a buffer overflow (instr, mvwinstr, etc.)
- Pass Rust &str to strings expecting C format arguments, allowing hostile input to execute a...

CVSS 9.8, AI score 8.7, EPSS 0.00587
Exploits: 0, References: 3

Veracode
added 2019/01/04 2:16 a.m., 29 views

Unsafe Function Usage

jinjava does not disallow the use of unsafe functions and is potentially vulnerable to remote code execution. The getClass method is not blocked in com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java, which could potentially allow an attacker to execute arbitrary Java or OS commands using...

CVSS 5.3, AI score 7.4, EPSS 0.00453
Exploits: 0, References: 2, Affected Software: 1

securityvulns
added 2012/04/09 12:0 a.m., 19 views

Quest vWorkspace ActiveX unauthorized access

It's possible to modify files via unsafe functions...

AI score 5.6
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2007/05/29 9:30 p.m., 26 views

Memory corruption

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory location...

CVSS 9.3, AI score 7.6, EPSS 0.05276
Exploits: 0, References: 8, Affected Software: 1

securityvulns
added 2007/02/13 12:0 a.m., 32 views

Microsoft Windows HTML Help ActiveX code execution

It's possible to access unsafe functions from a web page. The vulnerability can be used for hidden malware installation...

CVSS 9.3, AI score 2, EPSS 0.5846
Exploits: 0, References: 1

FreeBSD
added 2005/05/02 12:0 a.m., 37 views

postgresql -- character conversion and tsearch2 vulnerabilities

The postgresql development team reports: The more severe of the two errors is that the functions that support client-to-server character set conversion can be called from SQL commands by unprivileged users, but these functions are not designed to be safe against malicious choices of argument...

AI score 7.1
Exploits: 0, References: 1

securityvulns
added 2002/08/23 12:0 a.m., 39 views

Microsoft Office Web Components unauthorized access

A number of unsafe functions...

AI score 3.2
Exploits: 0, References: 2, Affected Software: 1

securityvulns
added 2002/05/03 12:0 a.m., 34 views

mod_python imported modules indirect calls

It's possible to indirectly call an unsafe function via an imported module...

AI score 3.4
Exploits: 0, References: 1, Affected Software: 1