CVE-2020-17354

HIGH Year: 2020
CVSS v3 Score
8.6
High
Weakness Type
CWE-863
View all →

Vulnerability Description

LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, safe mode is removed, and the product no longer tries to block code execution when external files are used.

Related Vulnerabilities

CVE-2021-30975

HIGH
CVSS:8.6(High)

This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. ...

CWE-8632021

CVE-2021-39206

HIGH
CVSS:8.6(High)

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorr...

CWE-8632021

CVE-2025-0781

HIGH
CVSS:8.6(High)

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.

CWE-8632025

CVE-2021-29678

HIGH
CVSS:8.7(High)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Forc...

CWE-8632021

CVE-2023-23947

HIGH
CVSS:8.5(High)

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All Argo CD versions starting with 2.3.0-rc1 and prior to 2.3.17, 2.4.23 2.5.11, and 2.6.2 are vulnerable to an improper autho...

CWE-8632023

CVE-2025-0359

HIGH
CVSS:8.5(High)

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods wi...

CWE-8632025