Total: 51 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3225 | 1 Budibase | 1 Budibase | 2023-08-02 | N/A | 5.7 MEDIUM |
Improper Control of Dynamically-Managed Code Resources in GitHub repository budibase/budibase prior to 1.3.20. | |||||
CVE-2023-37271 | 1 Zope | 1 Restrictedpython | 2023-07-19 | N/A | 9.9 CRITICAL |
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generator expressions, which are allowed inside RestrictedPython. Prior to versions 6.1 and 5.3, an attacker with access to a RestrictedPython environment can write code that gets the current stack frame in a generator and then walk the stack all the way beyond the RestrictedPython invocation boundary, thus breaking out of the restricted sandbox and potentially allowing arbitrary code execution in the Python interpreter. All RestrictedPython deployments that allow untrusted users to write Python code in the RestrictedPython environment are at risk. In terms of Zope and Plone, this would mean deployments where the administrator allows untrusted users to create and/or edit objects of type `Script (Python)`, `DTML Method`, `DTML Document` or `Zope Page Template`. This is a non-default configuration and likely to be extremely rare. The problem has been fixed in versions 6.1 and 5.3. | |||||
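The primitive described above, shown in plain CPython as an added illustration (this is not RestrictedPython's code and the attribute denylist is an assumption, not RestrictedPython's actual policy): a running generator reads its own frame through `gi_frame`, and `f_back` then leads past every caller, so a sandbox that hands out generator objects must refuse frame-related attributes. The function and attribute names are hypothetical.

```python
"""Frame walking from inside a generator, and the attribute guard that stops it.

Added illustration, not RestrictedPython's code. Plain CPython is used to show
why a generator frame is dangerous inside a sandbox and the kind of attribute
check that closes the hole. Names below are hypothetical.
"""

# Attribute names that expose frames or let code climb out of them. This
# denylist is an assumption for the illustration, not RestrictedPython's policy.
FRAME_ATTRIBUTES = frozenset({
    "gi_frame", "gi_code", "cr_frame", "cr_code", "ag_frame", "ag_code",
    "f_back", "f_globals", "f_locals", "f_builtins", "f_code",
})


def walk_out_of_generator():
    """Return the code names of every frame above a running generator.

    While the generator body executes, the generator object's ``gi_frame`` is
    its own frame; ``f_back`` is the frame that called ``next()``, and so on
    up to the interpreter's outermost frame. Nothing stops at a "sandbox
    boundary" because frames are ordinary objects.
    """
    gen = None

    def probe():
        frame = gen.gi_frame          # own frame; only valid while running
        names = []
        while frame is not None:      # climb until there is no caller left
            names.append(frame.f_code.co_name)
            frame = frame.f_back
        yield names

    gen = probe()
    return next(gen)


def guarded_getattr(obj, name):
    """Attribute access with the kind of deny rule a sandbox needs.

    Rejects private/dunder names and every frame-related attribute so a
    generator object cannot be used as a ladder out of the sandbox.
    """
    if name.startswith("_") or name in FRAME_ATTRIBUTES:
        raise AttributeError(f"access to {name!r} is not allowed")
    return getattr(obj, name)


def frame_access_is_blocked():
    """True when guarded_getattr refuses to hand out a generator's frame."""
    gen = (x for x in (1,))
    try:
        guarded_getattr(gen, "gi_frame")
    except AttributeError:
        return True
    return False


if __name__ == "__main__":
    # Starts with ['probe', 'walk_out_of_generator', ...] and continues with
    # whatever frames are above this script.
    print(walk_out_of_generator())
    print(frame_access_is_blocked())
```

The first two entries of the returned list are the generator and its caller; everything after them belongs to the host, which is exactly what a sandboxed program should never be able to see. Note that the guard only helps if every attribute access in sandboxed code is routed through it; a single raw `getattr` path re-opens the escape.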
CVE-2023-35930 | 1 Authzed | 1 Spicedb | 2023-07-06 | N/A | 5.3 MEDIUM |
SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Any user making a negative authorization decision based on the results of a `LookupResources` request with 1.22.0 is affected. For example, using `LookupResources` to find a list of resources to allow access to is acceptable: at worst, some subjects that should have access to a resource will not get it. But if `LookupResources` is used to find a list of banned resources instead, then some users that shouldn't have access may be granted it. Generally, `LookupResources` is not and should not be used to gate access in this way; that's what the `Check` API is for. Additionally, version 1.22.0 has included a warning about this bug since its initial release. Users are advised to upgrade to version 1.22.2. Users unable to upgrade should avoid using `LookupResources` for negative authorization decisions. | |||||
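The fail-open versus fail-closed argument above, as an added example that is not SpiceDB's code: a tiny in-memory permission graph stands in for the server, and `lookup_resources_incomplete` simulates a lookup that silently drops a result. The dataset, the dropped result and all names are constructed for the illustration.

```python
"""Why a list-style lookup is the wrong primitive for denial decisions.

Added illustration, not SpiceDB's code. `check` plays the role of a point
Check call, `lookup_resources` a complete LookupResources call, and
`lookup_resources_incomplete` a lookup that misses results. Names, data and
the dropped result are hypothetical.
"""

# Constructed sample data: (subject, permission, resource) tuples that are
# true in the authoritative graph.
RELATIONS = {
    ("user:alice", "view", "doc:1"),
    ("user:alice", "view", "doc:2"),
    ("user:bob", "view", "doc:2"),
    ("user:bob", "banned", "doc:3"),
    ("user:alice", "banned", "doc:1"),
}


def check(subject, permission, resource):
    """Point query, analogous to the Check API: one resource, one answer."""
    return (subject, permission, resource) in RELATIONS


def lookup_resources(subject, permission):
    """Complete lookup: every resource on which subject holds permission."""
    return {r for (s, p, r) in RELATIONS if s == subject and p == permission}


def lookup_resources_incomplete(subject, permission):
    """Simulated buggy lookup: returns a strict subset of the real answer."""
    found = sorted(lookup_resources(subject, permission))
    return set(found[1:])  # hypothetical: the first hit is silently lost


def allow_via_lookup(lookup, subject, resource):
    """Positive decision: grant only if the lookup listed the resource."""
    return resource in lookup(subject, "view")


def deny_via_lookup(lookup, subject, resource):
    """Negative decision: grant unless the lookup listed the resource as banned."""
    return resource not in lookup(subject, "banned")


def deny_via_check(subject, resource):
    """Negative decision done correctly: a point check on the banned relation."""
    return not check(subject, "banned", resource)


def fail_modes(subject, resource):
    """Decisions for one (subject, resource) under complete and incomplete lookups."""
    return {
        "allow_complete": allow_via_lookup(lookup_resources, subject, resource),
        "allow_incomplete": allow_via_lookup(lookup_resources_incomplete, subject, resource),
        "deny_complete": deny_via_lookup(lookup_resources, subject, resource),
        "deny_incomplete": deny_via_lookup(lookup_resources_incomplete, subject, resource),
        "deny_check": deny_via_check(subject, resource),
    }


if __name__ == "__main__":
    for key, value in fail_modes("user:alice", "doc:1").items():
        print(f"{key:17s} -> access granted: {value}")
```

For `user:alice` on `doc:1`, a missing result turns the positive decision from granted into denied (annoying but safe), while the same missing result turns the negative decision from denied into granted, which is the security failure. The point check is unaffected because it never depends on the completeness of a list.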
CVE-2023-33175 | 1 Toui Project | 1 Toui | 2023-06-07 | N/A | 7.5 HIGH |
ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI uses Flask-Caching (SimpleCache) to store user variables; websites that use the `Website.user_vars` property are affected. The issue affects versions 2.0.1 to 2.4.0 and has been patched in version 2.4.1. | |||||
CVE-2023-29199 | 1 Vm2 Project | 1 Vm2 | 2023-04-25 | N/A | 10.0 CRITICAL |
There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.16` of `vm2`. | |||||
CVE-2023-29017 | 1 Vm2 Project | 1 Vm2 | 2023-04-13 | N/A | 9.8 CRITICAL |
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to `Error.prepareStackTrace` in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.15 of vm2. There are no known workarounds. | |||||
CVE-2022-43441 | 1 Ghost | 1 Sqlite3 | 2023-03-22 | N/A | 9.8 CRITICAL |
A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability. | |||||
CVE-2021-32563 | 1 Xfce | 1 Thunar | 2023-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution. | |||||
CVE-2023-25560 | 1 Datahub Project | 1 Datahub | 2023-02-21 | N/A | 9.8 CRITICAL |
DataHub is an open-source metadata platform. The AuthServiceClient, which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be able to augment the JSON strings sent to the backend, which can be abused by including new or colliding values. This issue may lead to an authentication bypass and the creation of system accounts, which effectively can lead to full system compromise. Users are advised to upgrade. There are no known workarounds for this vulnerability. This vulnerability was discovered and reported by the GitHub Security Lab and is tracked as GHSL-2022-080. | |||||
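The pattern behind this advisory, as an added example that is not DataHub's code: a JSON body assembled with a format string lets a value close its own string and append a colliding key, whereas a serializer escapes it. The field names, payload shape and attacker input are constructed for the illustration; Python is used in place of the project's Java because the pattern is language-independent.

```python
"""JSON built from a format string versus a serializer.

Added illustration, not DataHub's code. `build_request_unsafe` stands in for
a body assembled with a format string and user-controlled data;
`build_request_safe` is the fix. Field names and payload shape are
hypothetical.
"""
import json

# Constructed attacker input for the password field: closes the JSON string
# and appends a "role" key that collides with the one the template set.
INJECTED_PASSWORD = 'hunter2","role":"admin'


def build_request_unsafe(user_name, password):
    """String-templated JSON: values are spliced in verbatim, unescaped."""
    return '{"role":"user","userName":"%s","password":"%s"}' % (user_name, password)


def build_request_safe(user_name, password):
    """Serializer-built JSON: quotes and braces inside values are escaped."""
    return json.dumps({"role": "user", "userName": user_name, "password": password})


def parse_body(body):
    """What a backend would see after parsing the body.

    Python's json, like many parsers, keeps the LAST value of a duplicated key,
    so a colliding key appended by the attacker wins here.
    """
    return json.loads(body)


def role_seen_by_backend(builder, user_name, password):
    """Role the backend derives from a body produced by the given builder."""
    return parse_body(builder(user_name, password))["role"]


if __name__ == "__main__":
    print(build_request_unsafe("mallory", INJECTED_PASSWORD))
    print(role_seen_by_backend(build_request_unsafe, "mallory", INJECTED_PASSWORD))
    print(build_request_safe("mallory", INJECTED_PASSWORD))
    print(role_seen_by_backend(build_request_safe, "mallory", INJECTED_PASSWORD))
```

Duplicate-key handling is parser-specific (some keep the first value, some the last, some reject the document), so an attacker will typically place the collision wherever the receiving parser favours it; the only robust fix is to never build JSON by string substitution. The safe builder also keeps the whole injected string inside the `password` field, where it does no harm.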
CVE-2022-36067 | 1 Vm2 Project | 1 Vm2 | 2022-11-08 | N/A | 10.0 CRITICAL |
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.11 of vm2. There are no known workarounds. | |||||
CVE-2022-39051 | 1 Otrs | 1 Otrs | 2022-10-01 | N/A | 8.8 HIGH |
An attacker might be able to execute malicious Perl code in the Template Toolkit by having the admin install an unverified third-party package. | |||||
CVE-2022-40634 | 1 Craftercms | 1 Crafter Cms | 2022-09-16 | N/A | 7.2 HIGH |
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI. | |||||
CVE-2022-40635 | 1 Craftercms | 1 Crafter Cms | 2022-09-16 | N/A | 7.2 HIGH |
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. | |||||
CVE-2022-27889 | 1 Palantir | 1 Foundry Multipass | 2022-06-23 | 6.4 MEDIUM | 9.1 CRITICAL |
The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0. | |||||
CVE-2021-23267 | 1 Craftercms | 1 Crafter Cms | 2022-05-25 | 9.0 HIGH | 8.8 HIGH |
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods. | |||||
CVE-2021-42809 | 2 Microsoft, Thalesgroup | 2 Windows, Sentinel Protection Installer | 2022-01-04 | 6.9 MEDIUM | 7.8 HIGH |
Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code. | |||||
CVE-2019-15006 | 1 Atlassian | 2 Confluence, Confluence Server | 2021-12-13 | 5.8 MEDIUM | 6.5 MEDIUM |
There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence Data Center communicated with the Companion application via the atlassian-domain-for-localhost-connections-only.com domain name, the DNS A record of which points at 127.0.0.1. Additionally, a signed certificate for the domain was publicly distributed with the Companion application. An attacker in the position to control DNS resolution of their victim could carry out a man-in-the-middle (MITM) attack between Confluence Server (or Confluence Data Center) and the atlassian-domain-for-localhost-connections-only.com domain intended to be used with the Companion application. This certificate has been revoked, however, usage of the atlassian-domain-for-localhost-connections-only.com domain name was still present in Confluence Server and Confluence Data Center. An attacker could perform the described attack by denying their victim access to certificate revocation information, and carry out a man-in-the-middle (MITM) attack to observe files being edited using the Companion application and/or modify them, and access some limited user information. | |||||
CVE-2021-22387 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 7.5 HIGH | 9.8 CRITICAL |
There is an Improper Control of Dynamically Managing Code Resources vulnerability in Huawei smartphones. Successful exploitation of this vulnerability may allow an attacker to attempt remote command execution. | |||||
CVE-2021-23258 | 1 Craftercms | 1 Crafter Cms | 2021-12-03 | 6.5 MEDIUM | 7.2 HIGH |
Authenticated users with Administrator or Developer roles may execute OS commands via SpEL expressions in Spring beans. SpEL evaluation has no security restrictions, so attackers can execute arbitrary commands remotely (RCE). | |||||
CVE-2021-23262 | 1 Craftercms | 1 Crafter Cms | 2021-12-03 | 6.5 MEDIUM | 7.2 HIGH |
Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE. |