Search Results (108 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-9924 6 Canonical, Debian, Gnu and 3 more 12 Ubuntu Linux, Debian Linux, Bash and 9 more 2024-11-21 7.8 High
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
CVE-2019-11718 2 Mozilla, Opensuse 2 Firefox, Leap 2024-11-21 5.3 Medium
Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised. This vulnerability affects Firefox < 68.
CVE-2019-10906 5 Canonical, Fedoraproject, Opensuse and 2 more 9 Ubuntu Linux, Fedora, Leap and 6 more 2024-11-21 8.6 High
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
CVE-2018-6791 2 Debian, Kde 2 Debian Linux, Plasma-workspace 2024-11-21 N/A
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.
CVE-2017-0368 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-11-21 N/A
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.
CVE-2016-10745 2 Palletsprojects, Redhat 9 Jinja, Enterprise Linux, Rhel Aus and 6 more 2024-11-21 N/A
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
CVE-2016-0750 2 Infinispan, Redhat 3 Infinispan, Jboss Data Grid, Jboss Single Sign On 2024-11-21 N/A
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
CVE-2014-4650 2 Python, Redhat 4 Python, Enterprise Linux, Rhel Software Collections and 1 more 2024-11-21 9.8 Critical
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.