Lucene search
2522 matches found

OpenVAS
added 2020/01/23 12:0 a.m. · 25 views

Huawei EulerOS: Security Advisory for oprofile (EulerOS-SA-2019-2516)

The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 7.2 · AI score 9.6 · EPSS 0.01367
Exploits 1 · References 2
Oracle linux
added 2020/01/22 12:0 a.m. · 44 views

python-reportlab security update

3.4.0-6.el810.2 - Fix Requires for doc subpackage - Resolves: 1788556 3.4.0-6.el810.1 - Do not eval strings passed to toColor - Resolves: 1788555...

CVSS 9.8 · AI score 1.7 · EPSS 0.10231
Exploits 1
Oracle linux
added 2020/01/22 12:0 a.m. · 68 views

python-reportlab security update

2.5-9.el77.1 - Do not eval strings passed to toColor - Resolves: 1788552 2.5-9 - Mass rebuild 2014-01-24 2.5-8 - Mass rebuild 2013-12-27 2.5-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora19MassRebuild 2.5-6 - Add a dep on python-imaging to process images 2.5-5 - Rebuilt for...

CVSS 9.8 · AI score 10 · EPSS 0.10231
Exploits 1
NVD
added 2020/01/11 1:15 a.m. · 24 views

CVE-2020-6836

grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may...

CVSS 9.8 · AI score 9.8 · EPSS 0.02107
Exploits 0 · References 3
OSV
added 2020/01/11 1:15 a.m. · 18 views

CVE-2020-6836

grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may...

CVSS 9.8 · AI score 7.7
Exploits 0 · References 3
UbuntuCve
added 2019/12/22 6:15 p.m. · 28 views

CVE-2019-19920

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature. This issue is similar to CVE-2018-11805...

CVSS 9 · AI score 7.5 · EPSS 0.0316
Exploits 0 · References 5
Prion
added 2019/12/22 6:15 p.m. · 25 views

Design/Logic Flaw

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature. This issue is similar to CVE-2018-11805...

CVSS 9 · AI score 7.4 · EPSS 0.0316
Exploits 0 · References 5 · Affected Software 3
OSV
added 2019/12/22 6:15 p.m. · 3 views

UBUNTU-CVE-2019-19920

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature. This issue is similar to CVE-2018-11805...

CVSS 8.8 · AI score 7.6 · EPSS 0.0316
Exploits 0 · References 6
Debian CVE
added 2019/12/22 5:7 p.m. · 28 views

CVE-2019-19920

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature. This issue is similar to CVE-2018-11805...

CVSS 9 · AI score 9 · EPSS 0.0316
Exploits 0
Positive Technologies
added 2019/12/22 12:0 a.m. · 5 views

PT-2019-16009 · Exim +1 · Sa-Exim +1

Name of the Vulnerable Software and Affected Versions: sa-exim version 4.2.1 Description: The issue allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature...

CVSS 9 · AI score 7.2 · EPSS 0.0316
Exploits 0 · References 20
Node.js
added 2019/12/11 4:50 p.m. · 21 views

Sandbox Breakout / Arbitrary Code Execution

Overview: All versions of safer-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context and is not suited to process arbitrary user input. This may allow attackers to execute arbitrary code in the system. Recommendation: The...

CVSS 7.5 · AI score 5.4 · EPSS 0.02574
Exploits 1 · Affected Software 1
OSV
added 2019/12/11 2:1 a.m. · 3 views

GHSA-V63X-XC9J-HHVQ Sandbox Breakout / Arbitrary Code Execution in safer-eval

All versions of safer-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context and is not suited to process arbitrary user input. This may allow attackers to execute arbitrary code in the system. Recommendation: The package is...

CVSS 9.8 · AI score 7.6 · EPSS 0.02574
Exploits 1 · References 5
vulnersOsv
added 2019/12/11 2:1 a.m. · 4 views

@achil/parcel-bundler (>=1.11.1 <=1.12.34), @acies/core (>=1.2.89 <=1.2.215) +134 more potentially affected by CVE-2019-10769 via safer-eval (>=1.2.3 <=1.3.6)

safer-eval NPM version =1.2.3, =1.11.1, =1.2.89, =0.1.0, =4.0.0, =4.1.0, =4.1.2, =0.9.2-pre.41, =2.0.2, =1.0.0, =1.9.3, =0.3.0, =1.12.3, =1.0.0, =0.0.1, =3.4.4 and more Source cves: CVE-2019-10769 Source advisory: OSV:GHSA-V63X-XC9J-HHVQ...

CVSS 9.8 · AI score 7.2 · EPSS 0.02574
Exploits 1
Veracode
added 2019/12/09 8:5 a.m. · 24 views

Remote Code Execution (RCE)

safer-eval is vulnerable to remote code execution (RCE). The attack is possible due to the generation of a RangeError when the maximum call stack size is exceeded during the sandboxing of the evaluation of code used within the eval function...

CVSS 9.8 · AI score 3.3 · EPSS 0.02574
Exploits 1 · References 2 · Affected Software 1
CNVD
added 2019/12/09 12:0 a.m. · 3 views

safer-eval Input Validation Error Vulnerability

safer-eval is a security evaluation module that runs in node and browsers. An input validation error vulnerability exists in safer-eval. An attacker could exploit this vulnerability to execute arbitrary code...

CVSS 9.8 · AI score 7.4 · EPSS 0.02574
Exploits 1 · References 1
NVD
added 2019/12/06 11:15 p.m. · 9 views

CVE-2019-10769

safer-eval is an npm package to sandbox the evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError...

CVSS 9.8 · AI score 9.7 · EPSS 0.02574
Exploits 1 · References 2
OSV
added 2019/12/06 11:15 p.m. · 3 views

CVE-2019-10769

safer-eval is an npm package to sandbox the evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError...

CVSS 9.8 · AI score 7.4 · EPSS 0.02574
Exploits 1 · References 2
Prion
added 2019/12/06 11:15 p.m. · 15 views

Design/Logic Flaw

safer-eval is an npm package to sandbox the evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError...

CVSS 7.5 · AI score 9.6 · EPSS 0.02574
Exploits 1 · References 2
CVE
added 2019/12/06 10:49 p.m. · 185 views

CVE-2019-10769

The provided data indicates that CVE-2019-10769 affects the npm package safer-eval, which sandboxes the evaluation of code used within the eval function. The vulnerability is described as Arbitrary Code Execution via generating a RangeError, with a detailed PoC published in the Huntr entry for safer-eval (1-NPM-SAFER-EV...

CVSS 9.8 · AI score 9.5 · EPSS 0.02574
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2019/12/06 10:49 p.m. · 17 views

CVE-2019-10769

safer-eval is an npm package to sandbox the evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError...

AI score 9.7 · EPSS 0.02574
Exploits 1 · References 2