
88 matches found

OSV
added 2022/01/10 2:12 p.m. | 1 views

ALPINE-CVE-2022-22817

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...

CVSS 9.8 | AI score 7 | EPSS 0.03399
Exploits: 0 | References: 1

CNNVD
added 2021/11/05 12:0 a.m. | 6 views

Google TensorFlow code injection vulnerability

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. An operating system command injection vulnerability exists in Google TensorFlow, which stems from the fact that the savedmodelcli tool is vulnerable to code injection because it calls eval on a...

CVSS 7.8 | AI score 6.2 | EPSS 0.00208
Exploits: 1 | References: 3

RedHat Linux
added 2021/09/08 1:32 p.m. | 7 views

jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate

In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid...

CVSS 5.3 | AI score 7.1 | EPSS 0.02132
Exploits: 1 | References: 5

OSV
added 2021/02/04 11:2 a.m. | 3 views

OESA-2021-1020 squid security update

Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests. Security Fixes: An issue was discovered in Squid through 4.7. When handling the tag...

CVSS 9.8 | AI score 7.1 | EPSS 0.06734
Exploits: 0 | References: 2

RedHat Linux
added 2020/05/06 1:53 p.m. | 5 views

squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow

A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack won't overflow...

CVSS 9.8 | AI score 6.1 | EPSS 0.06734
Exploits: 0 | References: 6

OSV
added 2015/06/07 12:0 a.m. | 2 views

UBUNTU-CVE-2014-7810

The Expression Language EL implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanis...

CVSS 5 | AI score 6.7 | EPSS 0.13872
Exploits: 0 | References: 7

securityvulns
added 2013/07/29 12:0 a.m. | 93 views

[CVE-2013-2250] Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz

CVE-2013-2250 - Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz Vendor: The Apache Software Foundation Versions Affected: Apache OFBiz 10.04.01 to 10.04.05 Apache OFBiz 11.04.01 to 11.04.02 Apache OFBiz 12.04.01 Description: Parameter valu...

CVSS 10 | AI score 3.1 | EPSS 0.12138
Exploits: 1

UbuntuCve
added 2010/11/05 12:0 a.m. | 31 views

CVE-2010-3835

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service mysqld server crash by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be...

CVSS 4 | AI score 5.9 | EPSS 0.03391
Exploits: 0 | References: 3