CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.
• https://github.com/0x1717/ssrf-via-img
• https://github.com/kovidgoyal/calibre/compare/v6.18.1...v6.19.0
• CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 2

calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.
• https://bugs.launchpad.net/calibre/+bug/1951979
• https://github.com/dwisiswant0/advisory/issues/18
• https://github.com/kovidgoyal/calibre/compare/v5.31.1...v5.32.0
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7QKFPYJ23KG6WJ5NIYAM4N2NWZCLQGL
• CWE-400: Uncontrolled Resource Consumption

CVSS: 9.3 • EPSS: 0% • CPEs: 1 • EXPL: 2

Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.
• https://bugs.launchpad.net/calibre/+bug/885027
• https://git.zx2c4.com/calibre-mount-helper-exploit/about
• https://lwn.net/Articles/464824
• https://www.openwall.com/lists/oss-security/2011/11/02/2
• CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

An untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.
• https://bugs.launchpad.net/calibre/+bug/885027
• https://git.zx2c4.com/calibre-mount-helper-exploit/about
• https://lwn.net/Articles/464824
• https://www.openwall.com/lists/oss-security/2011/11/02/2
• CWE-426: Untrusted Search Path

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.
• https://bugs.launchpad.net/calibre/+bug/885027
• https://git.zx2c4.com/calibre-mount-helper-exploit/about
• https://lwn.net/Articles/464824
• https://www.openwall.com/lists/oss-security/2011/11/02/2
• CWE-20: Improper Input Validation