← Back

Sagemath

sagemath

2 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Sagemathcell
sagemathcell
1 CVE
Flintqs
flintqs
1 CVE

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-29465
1Sagemath
1Flintqs
Feb 12, 2025
Apr 6, 2023
N/A· v4
5.5 MEDIUM· v3
N/A· v2
SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example) allows a local user to overwrite files with the privileges of a different user (who is running FlintQS).
CVE-2019-17526
1Sagemath
1Sagemathcell
Nov 21, 2024
Oct 18, 2019
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underl...Show more
An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an __import__('os').popen('whoami').read() line. NOTE: the vendor's position is that the product is "vulnerable by design" and the current behavior will be retainedShow less