2444 matches found
Arbitrary Code Execution
Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution. The vulnerability due to passing unvalidated input from a file into a string-type “eval”. It allows an attacker spreads malicious code which leads to arbitrary code execution...
ml.shifu:shifu-tensorflow-eval (=0.12.0), ml.shifu:shifu-tensorflow-on-yarn (=0.12.0) potentially affected by CVE-2023-7148 via ml.shifu:shifu (=0.12.0)
ml.shifu:shifu MAVEN version =0.12.0 is affected by a known vulnerability. The following packages have a transitive dependency on ml.shifu:shifu and may be impacted: - ml.shifu:shifu-tensorflow-eval =0.12.0 - ml.shifu:shifu-tensorflow-on-yarn =0.12.0 Source cves: CVE-2023-7148 Source advisory:...
CVE-2023-43364
main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution...
CVE-2023-43364
CVE-2023-43364 affects Searchor prior to 2.4.2. main.py uses eval on CLI input, enabling potential remote code execution. Multiple sources (Red Hat, OSV, GHSA, and others) corroborate a pre-2.4.2 vulnerability in the Searchor CLI. Impact is described as code execution with high severity; exploit ...
CVE-2023-48699 fastbots Eval Injection vulnerability
fastbots is a library for fast bot and scraper development using selenium and the Page Object Model POM design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability ...
GHSA-VCCG-F4GP-45X9 Eval Injection in fastbots
Impact An attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability is in the function def locatorself, locatorname: str in page.py. The vulnerable code that load and execute directly from the file...
Eval Injection in fastbots
Impact An attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability is in the function def locatorself, locatorname: str in page.py. The vulnerable code that load and execute directly from the file...
CVE-2023-48025
Liblisp through commit 4c65969 was discovered to contain a out-of-bounds-read vulnerability in unsigned getlengthlispcellt x at eval.c...
aioasuswrt (>=1.1.20 <=1.3.3), aiosftp (>=0.0.1 <=0.3.0) +28 more potentially affected by CVE-2023-46445 via asyncssh (>=1.10.0 <=2.14.0)
asyncssh PYPI version =1.10.0, =1.1.20, =0.0.1, =0.6.0, =0.3.0, =1.2.1, =0.4.0, =0.1.0, =4.3.5, =0.35.0, =3.1.1, =0.6.5, =0.8.0, =2.8.1, =0.2.0, =0.1.0, =0.3.10 and more Source cves: CVE-2023-46445 Source advisory: OSV:PYSEC-2023-237...
kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()
An out-of-bounds OOB memory access flaw was found in the Netfilter module in the Linux kernel's nftbyteordereval in net/netfilter/nftbyteorder.c. A bound check failure allows a local attacker with CAPNETADMIN access to cause a local privilege escalation issue due to incorrect data alignment...
kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()
An out-of-bounds OOB memory access flaw was found in the Netfilter module in the Linux kernel's nftbyteordereval in net/netfilter/nftbyteorder.c. A bound check failure allows a local attacker with CAPNETADMIN access to cause a local privilege escalation issue due to incorrect data alignment...
PT-2023-28807 · Searchor · Searchor
Name of the Vulnerable Software and Affected Versions: Searchor versions prior to 2.4.2 Description: The issue allows an attacker to execute arbitrary code via a crafted script to the eval function in Searchor's main.py file, affecting the search feature in Searchor's Command Line Interface. This...
Important: mariadb
Issue Overview: A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in...
kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()
An out-of-bounds OOB memory access flaw was found in the Netfilter module in the Linux kernel's nftbyteordereval in net/netfilter/nftbyteorder.c. A bound check failure allows a local attacker with CAPNETADMIN access to cause a local privilege escalation issue due to incorrect data alignment...
kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()
An out-of-bounds OOB memory access flaw was found in the Netfilter module in the Linux kernel's nftbyteordereval in net/netfilter/nftbyteorder.c. A bound check failure allows a local attacker with CAPNETADMIN access to cause a local privilege escalation issue due to incorrect data alignment...
kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()
An out-of-bounds OOB memory access flaw was found in the Netfilter module in the Linux kernel's nftbyteordereval in net/netfilter/nftbyteorder.c. A bound check failure allows a local attacker with CAPNETADMIN access to cause a local privilege escalation issue due to incorrect data alignment...
kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()
An out-of-bounds OOB memory access flaw was found in the Netfilter module in the Linux kernel's nftbyteordereval in net/netfilter/nftbyteorder.c. A bound check failure allows a local attacker with CAPNETADMIN access to cause a local privilege escalation issue due to incorrect data alignment...
SUSE CVE-2023-23623
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a script-src directive and not providing unsafe-eval in that directive, is not respected in renderers that have sandb...
CVE-2023-23623
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a script-src directive and not providing unsafe-eval in that directive, is not respected in renderers that have sandb...
CVE-2023-23623 Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled in Electron
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a script-src directive and not providing unsafe-eval in that directive, is not respected in renderers that have sandb...