5 results (0.010 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 5

Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution. El control de acceso inadecuado en Calibre 6.9.0 ~ 7.14.0 permite a atacantes no autenticados lograr la ejecución remota de código. • https://github.com/Uno13x/CVE-2024-6782-PoC https://github.com/zangjiahe/CVE-2024-6782 https://github.com/jdpsl/CVE-2024-6782 https://github.com/R4idB0Y/CVE-2024-6782-PoC https://github.com/0xB0y426/CVE-2024-6782-PoC https://github.com/kovidgoyal/calibre/commit/38a1bf50d8cd22052ae59c513816706c6445d5e9 https://starlabs.sg/advisories/24/24-6782 • CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root. link_to_local_path en ebooks/conversion/plugins/html_input.py en calibre anterior a 6.19.0 puede, de forma predeterminada, agregar recursos fuera del root del documento. • https://github.com/0x1717/ssrf-via-img https://github.com/kovidgoyal/calibre/compare/v6.18.1...v6.19.0 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2

calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py. calibre versiones anteriores a 5.32.0, contiene una expresión regular que es vulnerable a ReDoS (denegación de servicio por expresión regular) en html_preprocess_rules en el archivo ebooks/conversion/preprocess.py • https://bugs.launchpad.net/calibre/+bug/1951979 https://github.com/dwisiswant0/advisory/issues/18 https://github.com/kovidgoyal/calibre/compare/v5.31.1...v5.32.0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7QKFPYJ23KG6WJ5NIYAM4N2NWZCLQGL • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. gui2/viewer/bookmarkmanager.py en Calibre 3.18 llama a cPickle.load en los datos importados de marcapáginas, lo que permite que atacantes remotos ejecuten código arbitrario mediante un archivo .pickle manipulado. Esto se demuestra por el código Python que contiene una llamada os.system. • https://bugs.launchpad.net/calibre/+bug/1753870 https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d • CWE-502: Deserialization of Untrusted Data •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. El visor de E-book en calibre en versiones anteriores a 2.75 permite a atacantes remotos leer archivos arbitrarios a través de un archivo epub manipulado con JavaScript. • http://www.openwall.com/lists/oss-security/2017/01/29/8 http://www.openwall.com/lists/oss-security/2017/01/31/9 http://www.securityfocus.com/bid/95909 https://bugs.launchpad.net/calibre/+bug/1651728 https://github.com/kovidgoyal/calibre/commit/3a89718664cb8c • CWE-264: Permissions, Privileges, and Access Controls •