2443 matches found

CVE
added 2020/01/28 2:24 p.m. · 52 views

CVE-2013-1437

The CVE-2013-1437 entry relates to the Perl Module-Metadata module: versions before 1.000015 evaluate the $Version value and can execute arbitrary Perl code, enabling remote code execution. Affected component: Module-Metadata (Perl). Impact: remote code execution with high severity. Remediation: ...

9.8 CVSS · 9.6 AI score · 0.00898 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Debian CVE
added 2020/01/28 2:24 p.m. · 21 views

CVE-2013-1437

Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value...

9.8 CVSS · 9.8 AI score · 0.00898 EPSS
Exploits: 0

OpenVAS
added 2020/01/23 12:0 a.m. · 23 views

Huawei EulerOS: Security Advisory for oprofile (EulerOS-SA-2019-2516)

The remote host is missing an update for the Huawei EulerOS...

7.2 CVSS · 9.6 AI score · 0.00083 EPSS
Exploits: 1 · References: 2

Oracle linux
added 2020/01/22 12:0 a.m. · 68 views

python-reportlab security update

2.5-9.el77.1 - Do not eval strings passed to toColor - Resolves: 1788552 2.5-9 - Mass rebuild 2014-01-24 2.5-8 - Mass rebuild 2013-12-27 2.5-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora19MassRebuild 2.5-6 - Add a dep on python-imaging to process images 2.5-5 - Rebuilt for...

9.8 CVSS · 10 AI score · 0.16839 EPSS
Exploits: 1

Oracle linux
added 2020/01/22 12:0 a.m. · 44 views

python-reportlab security update

3.4.0-6.el810.2 - Fix Requires for doc subpackage - Resolves: 1788556 3.4.0-6.el810.1 - Do not eval strings passed to toColor - Resolves: 1788555...

9.8 CVSS · 1.7 AI score · 0.16839 EPSS
Exploits: 1

NVD
added 2020/01/11 1:15 a.m. · 11 views

CVE-2020-6836

grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may...

9.8 CVSS · 9.8 AI score · 0.00547 EPSS
Exploits: 0 · References: 3

OSV
added 2020/01/11 1:15 a.m. · 11 views

CVE-2020-6836

grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may...

9.8 CVSS · 7.7 AI score
Exploits: 0 · References: 3

OSV
added 2019/12/22 6:15 p.m. · 1 views

UBUNTU-CVE-2019-19920

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature. This issue is similar to CVE-2018-11805...

8.8 CVSS · 7.6 AI score · 0.03064 EPSS
Exploits: 0 · References: 6

UbuntuCve
added 2019/12/22 6:15 p.m. · 26 views

CVE-2019-19920

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature. This issue is similar to CVE-2018-11805...

9 CVSS · 7.5 AI score · 0.03064 EPSS
Exploits: 0 · References: 5

Prion
added 2019/12/22 6:15 p.m. · 22 views

Design/Logic Flaw

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature. This issue is similar to CVE-2018-11805...

9 CVSS · 7.4 AI score · 0.03064 EPSS
Exploits: 0 · References: 5 · Affected Software: 3

Debian CVE
added 2019/12/22 5:7 p.m. · 27 views

CVE-2019-19920

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature. This issue is similar to CVE-2018-11805...

9 CVSS · 9 AI score · 0.03064 EPSS
Exploits: 0

Positive Technologies
added 2019/12/22 12:0 a.m. · 2 views

PT-2019-16009 · Exim +1 · Sa-Exim +1

Name of the Vulnerable Software and Affected Versions: sa-exim version 4.2.1 Description: The issue allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature...

9 CVSS · 7.2 AI score · 0.03064 EPSS
Exploits: 0 · References: 20

Node.js
added 2019/12/11 4:50 p.m. · 18 views

Sandbox Breakout / Arbitrary Code Execution

Overview All versions of safer-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context and is not suited to process arbitrary user input. This may allow attackers to execute arbitrary code in the system. Recommendation The...

7.5 CVSS · 5.4 AI score · 0.00525 EPSS
Exploits: 1 · Affected Software: 1

OSV
added 2019/12/11 2:1 a.m. · 1 views

GHSA-V63X-XC9J-HHVQ Sandbox Breakout / Arbitrary Code Execution in safer-eval

All versions of safer-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context and is not suited to process arbitrary user input. This may allow attackers to execute arbitrary code in the system. Recommendation The package is...

9.8 CVSS · 7.6 AI score · 0.00525 EPSS
Exploits: 1 · References: 5

vulnersOsv
added 2019/12/11 2:1 a.m. · 1 views

@achil/parcel-bundler (>=1.11.1 <=1.12.34), @acies/core (>=1.2.89 <=1.2.215) +134 more potentially affected by CVE-2019-10769 via safer-eval (>=1.2.3 <=1.3.6)

safer-eval NPM version =1.2.3, =1.11.1, =1.2.89, =0.1.0, =4.0.0, =4.1.0, =4.1.2, =0.9.2-pre.41, =2.0.2, =1.0.0, =1.9.3, =0.3.0, =1.12.3, =1.0.0, =0.0.1, =3.4.4 and more Source cves: CVE-2019-10769 Source advisory: OSV:GHSA-V63X-XC9J-HHVQ...

9.8 CVSS · 7.2 AI score · 0.00525 EPSS
Exploits: 1

Veracode
added 2019/12/09 8:5 a.m. · 22 views

Remote Code Execution (RCE)

safer-eval is vulnerable to remote code execution (RCE). The attack is possible due to the generation of a RangeError when the maximum call stack size is exceeded during the sandboxing of the evaluation of code used within the eval function...

9.8 CVSS · 3.3 AI score · 0.00525 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

CNVD
added 2019/12/09 12:0 a.m. · 2 views

safer-eval Input Validation Error Vulnerability

safer-eval is a security evaluation module that runs in node and browsers. An input validation error vulnerability exists in safer-eval. An attacker could exploit this vulnerability to execute arbitrary code...

9.8 CVSS · 7.4 AI score · 0.00525 EPSS
Exploits: 1 · References: 1

OSV
added 2019/12/06 11:15 p.m. · 2 views

CVE-2019-10769

safer-eval is an npm package to sandbox the evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError...

9.8 CVSS · 7.4 AI score
Exploits: 0 · References: 2

NVD
added 2019/12/06 11:15 p.m. · 6 views

CVE-2019-10769

safer-eval is an npm package to sandbox the evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError...

9.8 CVSS · 9.7 AI score · 0.00525 EPSS
Exploits: 1 · References: 2

Prion
added 2019/12/06 11:15 p.m. · 13 views

Design/Logic Flaw

safer-eval is an npm package to sandbox the evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError...

7.5 CVSS · 9.6 AI score · 0.00525 EPSS
Exploits: 1 · References: 2