Moderate: python3 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
GHSA-CG42-4WRC-GP47 Code Injection in node-extend
node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution...
GHSA-FW2F-7F87-5R6C Improper Input Validation in access-policy
access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the template function is executed by the eval function resulting in code execution...
GHSA-V756-4WHV-48VC Code Injection in cd-messenger
cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument is executed by the eval function, resulting in code execution...
Code Injection in mosc
mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to the properties argument is executed by the eval function, resulting in code execution...
SUSE-SU-2021:1621-1 Security update for python3
This update for python3 fixes the following issues: Security issues fixed: - CVE-2020-27619: Lib/test/multibytecodec_support.py calls eval on content retrieved via HTTP (bsc#1178009). Other fixes: - Make sure to close the 'importfailed.map' file after the exception has been raised in order to avoi...
GHSA-8V27-2FG9-7H62 Withdrawn: Arbitrary Code Execution in static-eval
All versions of package static-eval are vulnerable to Arbitrary Code Execution using FunctionExpressions and TemplateLiterals. PoC: var evaluate = require('static-eval'); var parse = require('esprima').parse; var src="function x return...
Code Injection in c0oki3s/python-tools
Description: python-tools uses an insecure input function in https://github.com/C0oki3s/python-tools/blob/main/Dircreate/Dircreate.pyL8. Given that the script can be run using python2 or python3, if you feed the program a python command and the python interpreter is python2, then the...
Remote Code Execution (RCE)
mariadb is vulnerable to remote code execution. The vulnerability exists because an untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd...
Eaton Intelligent Power Manager Eval Injection Vulnerability
Eaton Intelligent Power Manager (IPM) is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from a single interface. An eval injection vulnerability exists in Eaton IPM versions prior to 1.69. The vulnerability arises becaus...
Eaton Intelligent Power Manager
1. EXECUTIVE SUMMARY: CVSS v3 8.7. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Eaton. Equipment: Intelligent Power Manager (IPM). Vulnerabilities: SQL Injection, Eval Injection, Improper Input Validation, Unrestricted Upload of File with Dangerous Type, Code Injection. 2. RISK...
CVE-2021-23277
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to an unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using it in the dynamic evaluation call in the loadUserFile function under scripts/libs/utils.js. Successful exploitation can...
Design/Logic Flaw
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to an unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using it in the dynamic evaluation call in the loadUserFile function under scripts/libs/utils.js. Successful exploitation can...
CVE-2021-23277
CVE-2021-23277 affects Eaton Intelligent Power Manager (IPM) versions prior to 1.69. The issue is an unauthenticated eval injection in the loadUserFile function (scripts/libs/utils.js) where user input is not neutralized before dynamic evaluation, enabling an attacker to influence input to the fu...
GHSA-W8H4-VW8F-RVVJ Improper Control of Dynamically-Managed Code Resources in config-shield
scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability; the set command was not intended for use with untrusted data...
VulnCheck KEV: CVE-2019-13372
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication...
Remote Code Execution (RCE)
mongodb-query-parser is vulnerable to remote code execution (RCE). The vulnerability exists through the use of an unsafe version of safer-eval, and of context-eval in older versions. This vulnerability is related to CVE-2019-10769...