EUVD-2020-4395

Malware in sbrugna...

CVE-2020-12079

Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API...

GHSA-39VM-P9MR-4R27 Beaker Sensitive Information Disclosure vulnerability

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

alignak-webui (>=0.11.1 <=0.12.2), candig-ingest (>=1.3.1 <=1.5.0) +4 more potentially affected by CVE-2013-7489 via beaker (>=1.10.0 <=1.11.0)

beaker PYPI version =1.10.0, =0.11.1, =1.3.1, =1.2.3, =0.1.0, =1.0.0, =1.0.1, =1.0.5 Source cves: CVE-2013-7489 Source advisory: OSV:GHSA-3CWM-7JMM-774W...

ags-client (>=0.0.13 <=0.1.11), alignak-webui (>=0.11.1 <=0.12.2) +170 more potentially affected by CVE-2013-7489 via beaker (>=1.10.0 <=1.13.0)

beaker PYPI version =1.10.0, =0.0.13, =0.11.1, =1.0.0, =3.9.0, =1.1.0, =1.0.0, =0.6.0, =1.1.0, =2.3.4.73, =2.3.0.dev7, =1.3.1, =1.2.3, =1.4.0 and more Source cves: CVE-2013-7489 Source advisory: OSV:PYSEC-2020-216...

CVE-2015-3161

The CVE affects Beaker prior to version 20.1. The search bar code in bkr/server/widgets.py fails to escape tags in string literals when producing JSON, enabling potential cross‑site/script injection via JSON output. The Beaker vulnerability is described consistently across sources (NVD/NVD-deriv...

PYSEC-2012-1

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...