Page 81 of 1100 results (0.060 seconds)

CVSS: 8.0EPSS: 0%CPEs: 11EXPL: 1

CVE-2015-20107 – python: mailcap: findmatch() function does not sanitize the second argument

https://notcve.org/view.php?id=CVE-2015-20107

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 En Python (también conocido como CPython) hasta la versión 3.10.8, el módulo mailcap no añade caracteres de escape en los comandos descubiertos en el archivo mailcap del sistema. Esto puede permitir a los atacantes inyectar comandos de shell en aplicaciones que llamen a mailcap.findmatch con entradas no confiables (si carecen de validación de los nombres de archivos o argumentos proporcionados por el usuario). La corrección también se ha aplicado a las versiones 3.7, 3.8 y 3.9 A command injection vulnerability was found in the Python mailcap module. • https://bugs.python.org/issue24778 https://github.com/python/cpython/issues/68966 https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46KWPTI72SSEOF53DOYQBQOCN4QQB2GE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/53TQZFLS6O3FLIMVSXFEEPZSWLDZLBOX https://lists.fedoraproject.org/archives/list/package-announ • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2022-24070 – Apache Subversion mod_dav_svn is vulnerable to memory corruption

https://notcve.org/view.php?id=CVE-2022-24070

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. La función mod_dav_svn de Subversion es vulnerable a una corrupción de memoria. • http://seclists.org/fulldisclosure/2022/Jul/18 https://bz.apache.org/bugzilla/show_bug.cgi?id=65861 https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife https://issues.apache.org/jira/browse/SVN-4880 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT https://support.apple.com/kb/HT213345 https://www.debian • CWE-416: Use After Free •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1

CVE-2021-28544 – Apache Subversion SVN authz protected copyfrom paths regression

https://notcve.org/view.php?id=CVE-2021-28544

Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. • http://seclists.org/fulldisclosure/2022/Jul/18 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT https://subversion.apache.org/security/CVE-2021-28544-advisory.txt https://support.apple.com/kb/HT213345 https://www.debian.org/security/2022/dsa-5119 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

CVE-2022-24765 – Uncontrolled search for the Git directory in Git for Windows

https://notcve.org/view.php?id=CVE-2022-24765

Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. • http://seclists.org/fulldisclosure/2022/May/31 http://www.openwall.com/lists/oss-security/2022/04/12/7 https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedor • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2022-24836 – Inefficient Regular Expression Complexity in Nokogiri

https://notcve.org/view.php?id=CVE-2022-24836

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue. Nokogiri es una biblioteca XML y HTML de código abierto para Ruby. • http://seclists.org/fulldisclosure/2022/Dec/23 https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8 https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM https://lists.fedoraproject.org/archives/list/package& • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •