2444 matches found
CVE-2020-15591
fexsrv in FEX aka Frams' Fast File EXchange before fex-201609192 allows eval injection for unauthenticated remote code execution...
CVE-2020-15591
CVE-2020-15591 concerns the FEX component, specifically the fexsrv service, where vulnerability exists in versions prior to fex-20160919_2. The issue is an eval injection that can lead to unauthenticated remote code execution. The description across connected records consistently states the flaw ...
CVE-2020-15591
fexsrv in FEX aka Frams' Fast File EXchange before fex-201609192 allows eval injection for unauthenticated remote code execution...
F*EX 代码注入漏洞
FEX is a Perl-based HTTP file exchange service from the individual developer sahwar in Bulgaria. A security vulnerability exists in FEX that allows eval injection for unauthenticated remote code execution...
PT-2022-8576 · F*Ex · F*Ex
Name of the Vulnerable Software and Affected Versions: FEX aka Frams' Fast File EXchange versions prior to fex-20160919 2 Description: The issue allows for eval injection, which can be used for unauthenticated remote code execution. Recommendations: For versions prior to fex-20160919 2, update to...
Remote Code Execution (RCE)
pytorchlightning is vulnerable to remote code execution. The vulnerability exists due to the lack of sanitization of the insecure eval function allowing an attacker to inject maliciously crafted script into the system...
CLSA-2022-1646085619 Fix of CVE: CVE-2020-27619, CVE-2021-23336
CVE-2020-27619: Unsafe use of eval on data retrieved via HTTP in the test suite rhbz1889886 - CVE-2021-23336: Web cache poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a semicolon in query parameters rhbz1928904...
python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions
A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, leading to command injection. This flaw allows an attacker to externally-influenced input commands that modify the intended command...
python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions
A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, leading to command injection. This flaw allows an attacker to externally-influenced input commands that modify the intended command...
OESA-2022-1526 python-pillow security update
Python image processing library. Security Fixes: pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.CVE-2022-22816 PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec...
CVE-2021-43269
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config PAC file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. Incydr...
Code injection
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config PAC file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. Incydr...
CVE-2021-43269
CVE-2021-43269 affects Code42 app prior to 8.8.0. An eval injection could allow an attacker to modify a device’s proxy configuration to point at a malicious PAC file, enabling arbitrary code execution. Affected: Incydr Basic, Advanced, Gov F1; CrashPlan Cloud; CrashPlan for Small Business (Incydr...
CVE-2021-43269
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config PAC file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. Incydr...
CVE-2022-22817
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...
Pillow 安全漏洞
Pillow is a Python-based image processing library. Pillow is vulnerable to an input validation error prior to 9.0.0, which stems from a networked system or product that does not properly validate input data. An attacker could exploit this vulnerability to execute arbitrary expressions using the...
CVE-2022-22817
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...
PT-2021-6134 · Vim +4 · Vim +4
Name of the Vulnerable Software and Affected Versions: vim affected versions not specified Description: The issue is related to a heap-based buffer overflow in the vim text editor, specifically in the eval lambda function located in src/eval.c. This overflow occurs in dynamic memory and can be...
PT-2021-21590 · Unknown · Dirhistory Plugin
Name of the Vulnerable Software and Affected Versions: dirhistory plugin affected versions not specified Description: The issue concerns the widgets for navigating directory history, triggered by pressing Alt-Left and Alt-Right. These widgets use functions that unsafely execute eval on directory...
ohmyzsh 代码注入漏洞
ohmyzsh is an open source, community-driven framework for managing your zsh configuration. ohmyzsh suffers from an operating system command injection vulnerability that stems from a widget that moves back and forth in the directory history triggered by pressing Alt-Left and Alt-Right using a...