Filtered by vendor Sagemath Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-29465 1 Sagemath 1 Flintqs 2024-11-21 5.5 Medium
SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example) allows a local user to overwrite files with the privileges of a different user (who is running FlintQS).
CVE-2019-17526 1 Sagemath 1 Sagemathcell 2024-11-21 9.8 Critical
An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an __import__('os').popen('whoami').read() line. NOTE: the vendor's position is that the product is "vulnerable by design" and the current behavior will be retained