88 matches found
ALPINE-CVE-2022-22817
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...
Google TensorFlow 代码注入漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. An operating system command injection vulnerability exists in Google TensorFlow, which stems from the fact that the savedmodelcli tool is vulnerable to code injection because it calls eval on a...
jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid...
OESA-2021-1020 squid security update
Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests.\r\n\r\n Security Fixes:\r\n\r\n An issue was discovered in Squid through 4.7. When handling the tag...
squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow
A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack won't overflow...
UBUNTU-CVE-2014-7810
The Expression Language EL implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanis...
[CVE-2013-2250] Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz
CVE-2013-2250 - Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz Vendor: The Apache Software Foundation Versions Affected: Apache OFBiz 10.04.01 to 10.04.05 Apache OFBiz 11.04.01 to 11.04.02 Apache OFBiz 12.04.01 Description: Parameter valu...
CVE-2010-3835
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service mysqld server crash by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be...