2444 matches found
GHSA-9HQH-FMHG-VQ2J Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml
Impact Any user with the right to edit their personal page can follow one of the scenarios below: Scenario 1: - Log in as a simple user with only edit rights on the user profile - Go to the user's profile - Upload an attachment in the attachment tab at the bottom of the page (any image is fine) - Clic...
Cross site scripting
The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response...
CVE-2022-36432
The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response...
PT-2022-23366 · Amasty +1 · Amasty Blog Pro +1
Name of the Vulnerable Software and Affected Versions: Amasty Blog Pro version 2.10.3 Description: The Preview functionality in the Amasty Blog Pro plugin for Magento 2 uses eval unsafely, allowing attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generate...
kernel: netfilter: nfnetlink_osf: uninitialized variable information disclosure vulnerability
A flaw was found in the nft_osf_eval function in the netfilter subsystem of the Linux kernel. This issue results from the lack of proper initialization of memory prior to accessing it, and could allow a local privileged user to leak stale kernel stack data to userspace...
PT-2022-7517 · Pytorch +1 · Pytorch +1
Name of the Vulnerable Software and Affected Versions: PyTorch versions prior to 1.13.1 Description: The issue is related to the incorrect management of code generation in the torch.jit.annotations.parse_type_line function of the PyTorch machine learning framework. This can allow a remote attacke...
OESA-2022-1990 python-joblib security update
Joblib is a set of tools to provide lightweight pipelining in Python. Security Fixes: joblib versions before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag of the Parallel class, because the flag's string value is passed to eval. CVE-2022-21797...
Dolibarr vulnerable to Eval Injection
Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of Dolibarr, and if successfully added, malicious code can be inserted into the database and then executed by eval...
GHSA-7CM4-VMF2-8WF2 Dolibarr vulnerable to Eval Injection
Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of Dolibarr, and if successfully added, malicious code can be inserted into the database and then executed by eval...
CVE-2022-40871
Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of Dolibarr, and if successfully added, malicious code can be inserted into the database and then executed by eval...
Design/Logic Flaw
Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of Dolibarr, and if successfully added, malicious code can be inserted into the database and then executed by eval...
UBUNTU-CVE-2022-40871
Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of Dolibarr, and if successfully added, malicious code can be inserted into the database and then executed by eval...
PT-2022-25596 · Unknown · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP & CRM versions <=15.0.3 Description: The issue allows malicious code to be inserted into the database and then executed by eval. By default, any administrator can be added to the installation page of Dolibarr, and if successfully...
CVE-2022-40871
CVE-2022-40871 affects Dolibarr ERP & CRM
Spring Expression Language (SpEL) Injection
com.nepxion:discovery-common is vulnerable to Spring Expression Language injection. The vulnerability exists because the eval method in DiscoveryExpressionResolver.java evaluates expressions with a StandardEvaluationContext, allowing an attacker to inject and execute malicious SpEL, leading to...
CVE-2022-21797
joblib versions before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag of the Parallel class, because the flag's string value is passed to eval...
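The two joblib entries (OESA-2022-1990 and CVE-2022-21797) describe the pattern that runs through most of the results above: a configuration string such as "2*n_jobs" is handed to eval(), so whoever controls that string controls the interpreter. The Python block below is an added illustration, not joblib's own code: it places a minimal version of that vulnerable pattern beside an allow-list evaluator built on the standard ast module that accepts only integer arithmetic over the single name n_jobs. The function names pre_dispatch_unsafe and pre_dispatch_safe, the MARKER dict and the sample expressions are this example's own.

```python
"""Unsafe vs. safe evaluation of a joblib-style ``pre_dispatch`` expression.

Illustrative example, not joblib's code. A Parallel-like API accepts
``pre_dispatch`` either as an int or as a string such as "2*n_jobs".
Passing that string to eval() turns a configuration value into code.
"""
import ast
import operator

# Constructed marker: a payload writes into it to prove eval() ran it.
MARKER = {}


def pre_dispatch_unsafe(pre_dispatch, n_jobs):
    """Vulnerable pattern: the string goes straight to eval().

    ``n_jobs`` is a local, so "2*n_jobs" resolves and the call looks like
    harmless arithmetic; any other Python expression runs just the same.
    """
    if isinstance(pre_dispatch, str):
        return eval(pre_dispatch)  # noqa: S307 - the bug under discussion
    return pre_dispatch


# Arithmetic operators the hardened parser is willing to execute.
_BIN_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.FloorDiv: operator.floordiv,
}


def pre_dispatch_safe(pre_dispatch, n_jobs):
    """Hardened pattern: parse into an AST, then evaluate an allow-list only.

    Permitted nodes: non-bool int literals, the name ``n_jobs`` and the four
    binary operators in ``_BIN_OPS``. Anything else (calls, attribute access,
    other names, ``**``) raises ValueError instead of executing.
    """
    if not isinstance(pre_dispatch, str):
        return pre_dispatch
    try:
        tree = ast.parse(pre_dispatch, mode="eval")
    except SyntaxError as exc:
        raise ValueError(f"invalid pre_dispatch expression: {pre_dispatch!r}") from exc

    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if (isinstance(node, ast.Constant)
                and isinstance(node.value, int)
                and not isinstance(node.value, bool)):
            return node.value
        if isinstance(node, ast.Name) and node.id == "n_jobs":
            return n_jobs
        if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
            return _BIN_OPS[type(node.op)](walk(node.left), walk(node.right))
        raise ValueError(f"disallowed construct in pre_dispatch: {ast.dump(node)}")

    return walk(tree)


def demo(n_jobs=4):
    """Run both evaluators on a benign value and a constructed payload.

    The payload avoids os.system on purpose: it only sets MARKER['pwned'],
    which is enough to show that attacker-controlled code executed.
    """
    payload = "(MARKER.__setitem__('pwned', True), n_jobs)[1]"
    MARKER.clear()
    unsafe_benign = pre_dispatch_unsafe("2*n_jobs", n_jobs)
    unsafe_payload = pre_dispatch_unsafe(payload, n_jobs)
    try:
        pre_dispatch_safe(payload, n_jobs)
        safe_rejected = False
    except ValueError:
        safe_rejected = True
    return {
        "unsafe_benign": unsafe_benign,
        "unsafe_payload": unsafe_payload,
        "marker_hit": MARKER.get("pwned", False),
        "safe_benign": pre_dispatch_safe("2*n_jobs", n_jobs),
        "safe_rejected_payload": safe_rejected,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The allow-list parser is the shape of fix that removes the bug class rather than the one payload: there is no string to sanitise, because only the node types the configuration actually needs are ever evaluated.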