
2488 matches found

OPENSUSE Linux
added 2025/02/03 12:00 a.m. | 8 views

Security update for python-asteval (moderate)

openSUSE Security Update: Security update for python-asteval Announcement ID: openSUSE-SU-2025:0052-1 Rating: moderate References: 1236405 Cross-References: CVE-2025-24359 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: This...

CVSS 8.4 | AI score 7.1 | EPSS 0.00219
Exploits: 0 | References: 1
Amazon
added 2025/01/24 12:00 a.m. | 3 views

Medium: perl-Module-ScanDeps

Issue Overview: Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...

CVSS 7.8 | AI score 7.4 | EPSS 0.08598
Exploits: 3
OSV
added 2025/01/16 7:23 a.m. | 14 views

BIT-PYTHON-MIN-2020-27619

In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP...

CVSS 9.8 | AI score 9.7 | EPSS 0.08235
Exploits: 0 | References: 15
Snyk
added 2025/01/10 1:06 a.m. | 4 views

Remote Code Execution (RCE)

Overview: org.webjars.npm:jsonpath-plus is a JS implementation of JSONPath with some additional operators. Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the...

CVSS 9.8 | AI score 7.8 | EPSS 0.10087
Exploits: 8 | References: 2
Snyk
added 2025/01/10 1:06 a.m. | 6 views

Remote Code Execution (RCE)

Overview: jsonpath-plus is a JS implementation of JSONPath with some additional operators. Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usag...

CVSS 9.8 | AI score 7.8 | EPSS 0.10087
Exploits: 5 | References: 2
OSV
added 2025/01/08 7:22 a.m. | 8 views

BIT-VALKEY-2024-46981 Redis' Lua library commands may lead to remote code execution

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

CVSS 9.8 | AI score 7.3 | EPSS 0.07802
Exploits: 2 | References: 11
vulnersOsv
added 2024/12/30 12:43 p.m. | 2 views

data-agora (=0.1.1), dtx (>=0.31.0 <=0.34.0) +10 more potentially affected by CVE-2024-10044 via fastchat (=0.1.0)

fastchat PYPI version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on fastchat and may be impacted: - data-agora =0.1.1 - dtx =0.31.0, =0.2.0, =0.18.3, =0.0.2, =0.4.0, =0.0.1, =0.1.3, =0.1.0, =0.1.0, =0.1.1 Source cves: CVE-2024-10044 Source...

CVSS 9.3 | AI score 7.2 | EPSS 0.00503
Exploits: 1
AlpineLinux
added 2024/12/19 2:15 p.m. | 2 views

CVE-2024-9101

A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin version 1.2.1 through the latest version, 1.2.6.7, allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' functio...

CVSS 2.1 | AI score 6.3 | EPSS 0.00458
Exploits: 0 | References: 4
OSV
added 2024/12/19 2:15 p.m. | 1 views

DEBIAN-CVE-2024-9101

A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin version 1.2.1 through the latest version, 1.2.6.7, allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' functio...

CVSS 2.1 | AI score 5.4 | EPSS 0.00458
Exploits: 0 | References: 1
OSV
added 2024/12/19 2:15 p.m. | 0 views

UBUNTU-CVE-2024-9101

A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin version 1.2.1 through the latest version, 1.2.6.7, allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' functio...

CVSS 2.1 | AI score 5.9 | EPSS 0.00458
Exploits: 0 | References: 6
CNNVD
added 2024/12/13 12:00 a.m. | 1 views

ComfyUI_AceNodes security vulnerability

ComfyUIAceNodes is a utility node for ComfyUI by Kaifeng Xu, a personal developer. A security vulnerability exists in ComfyUIAceNodes, which originates when the entry point function of the ACEExpressionEval node accepts arbitrary user-controlled data, which allows the user to create a workflow th...

CVSS 10 | AI score 7.3 | EPSS 0.0056
Exploits: 0 | References: 1
OSV
added 2024/11/29 11:58 a.m. | 4 views

OESA-2024-2496 perl-Module-ScanDeps security update

This module scans potential modules used by perl programs, and returns a hash reference; its keys are the module names as appears in %INC e.g. Test/More.pm; the values are hash references. Security Fixes: Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps,...

CVSS 7.8 | AI score 7.4 | EPSS 0.08598
Exploits: 3 | References: 2
GithubExploit
added 2024/11/27 7:13 p.m. | 265 views

Exploit for Code Injection in Geoserver

CVE-2024-36401 Usage bash python3 e...

CVSS 9.8 | AI score 9.8 | EPSS 0.99813
Exploits: 24
NVD
added 2024/11/19 6:15 p.m. | 14 views

CVE-2024-10224

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...

CVSS 7.8 | EPSS 0.08598
Exploits: 3 | References: 7
OSV
added 2024/11/19 6:15 p.m. | 3 views

AZL-53394 CVE-2024-10224 affecting package perl-Module-ScanDeps for versions less than 1.35-2

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...

CVSS 7.8 | AI score 6 | EPSS 0.08598
Exploits: 3 | References: 1
OSV
added 2024/11/19 6:15 p.m. | 2 views

DEBIAN-CVE-2024-10224

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...

CVSS 7.8 | AI score 7.6 | EPSS 0.08598
Exploits: 3 | References: 1
CVE
added 2024/11/19 5:35 p.m. | 128 views

CVE-2024-10224

Qualys reports CVE-2024-10224 affects perl-Module-ScanDeps prior to 1.36, where unsanitized input could allow local command execution via open() of a pipe or by eval(). Remediations shown in connected advisories include updating to 1.36+ (examples show 1.37+ in Amazon Linux 2023/AL2023 and other ...

CVSS 7.8 | AI score 6.7 | EPSS 0.08598
Exploits: 3 | References: 7 | Affected Software: 1
CNNVD
added 2024/11/19 12:00 a.m. | 2 views

Module-ScanDeps permissions, privileges, and access control vulnerability

Module-ScanDeps is an application by Roderich Schupp Personal Developer. A security vulnerability exists in Module-ScanDeps versions prior to 1.36 that stems from improper input validation, which could lead to a local attacker executing arbitrary shell commands by opening a pesky pipe or passing ...

CVSS 7.8 | AI score 6.8 | EPSS 0.08598
Exploits: 3 | References: 9
NVD
added 2024/11/14 6:15 p.m. | 8 views

CVE-2024-4343

A Python command injection vulnerability exists in the SagemakerLLM class's complete method within ./privategpt/components/llm/custom/sagemaker.py of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the eval function to parse a...

CVSS 9.8 | EPSS 0.0261
Exploits: 1 | References: 2
OSV
added 2024/11/14 6:15 p.m. | 5 views

CVE-2024-4343

A Python command injection vulnerability exists in the SagemakerLLM class's complete method within ./privategpt/components/llm/custom/sagemaker.py of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the eval function to parse a...

CVSS 9.8 | AI score 8.1
Exploits: 0 | References: 2