Lucene search

11 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in Linux

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to a slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c. This issue is related to init_min_max_mtime in fs/f2fs/segment.c because the second argument to get_seg_entry is not validated...

CVSS 7.8 | AI score 6.7 | EPSS 0.02014
Exploits: 1 | References: 2
Vulnrichment
added 2026/04/03 10:48 p.m., 1 views

CVE-2026-34935 PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command()

PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split and forwarded through the call chain to anyio.open_process with no validation, allowlist check, or sanitization at any hop, allowing arbitrary OS command...

CVSS 9.8 | AI score 6.1 | EPSS 0.00824
Exploits: 1 | References: 2
Cvelist
added 2026/02/20 5:7 p.m., 25 views

CVE-2026-27115 ADB Explorer is Vulnerable to Arbitrary Directory Deletion via Command-Line Argument

ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below have an unvalidated command-line argument that allows any user to trigger recursive deletion of arbitrary directories on the Windows filesystem. ADB Explorer accepts an optional path argument to set a custom data...

CVSS 7.1 | EPSS 0.00223
Exploits: 1 | References: 3
OSV
added 2026/02/20 5:7 p.m., 5 views

CVE-2026-27115 ADB Explorer is Vulnerable to Arbitrary Directory Deletion via Command-Line Argument

ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below have an unvalidated command-line argument that allows any user to trigger recursive deletion of arbitrary directories on the Windows filesystem. ADB Explorer accepts an optional path argument to set a custom data...

CVSS 7.1 | AI score 5.9 | EPSS 0.00223
Exploits: 1 | References: 5
ATTACKERKB
added 2026/01/07 8:26 p.m., 4 views

CVE-2026-22188

The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca based directly on the attacker-controlled argc value without validation...

CVSS 6.9 | AI score 5.7 | EPSS 0.00174
Exploits: 1 | References: 5
RedhatCVE
added 2025/05/22 7:55 a.m., 7 views

CVE-2019-10804

serial-number through 1.3.0 allows execution of arbitrary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation...

CVSS 9.8 | AI score 7 | EPSS 0.02767
Exploits: 1 | References: 1
SUSE CVE
added 2023/02/15 4:6 a.m., 2 views

SUSE CVE-2019-19449

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c because the second argument to get_seg_entry is not validated...

CVSS 7.8 | AI score 6.3 | EPSS 0.02014
Exploits: 1 | References: 3
NVD
added 2022/09/16 8:15 p.m., 21 views

CVE-2022-35941

TensorFlow is an open source platform for machine learning. The AvgPoolOp function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program. We have patched the issue in GitHub commit...

CVSS 7.5 | EPSS 0.00537
Exploits: 0 | References: 3
Github Security Blog
added 2020/09/25 6:28 p.m., 43 views

Data leak in Tensorflow

Impact: The data_splits argument of tf.raw_ops.StringNGrams lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory: tf.raw_ops.StringNGrams(data=["aa", "bb", "cc", "dd", "ee", "ff"], data_splits=[0,8], separator=" ", ngram_widths=[3],...

CVSS 9.8 | AI score 2.5 | EPSS 0.01015
Exploits: 1 | References: 9 | Affected Software: 3
OSV
added 2020/02/28 9:15 p.m., 1 views

CVE-2019-10802

giting version prior to 0.0.8 allows execution of arbitrary commands. The first argument "repo" of function "pull" is executed by the package without any validation...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 2
Snyk
added 2020/02/28 11:33 a.m., 2 views

Command Injection

Overview: giting is a Git server. Affected versions of this package are vulnerable to Command Injection. The first argument "repo" of function pull is executed by the package without any validation. PoC by JHU System Security Lab: var Test = require("giting"); var injectioncommand = ";echo vulnerable...

CVSS 9.8 | AI score 5.6 | EPSS 0.02397
Exploits: 0 | References: 2