21 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-0370

Malware in sbrugna...

CVSS 9.8 | AI score 9.3 | EPSS 0.01261
Exploits: 1 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-29398

Malicious code in bioql PyPI...

AI score 6.6
Exploits: 0 | References: 2

OSV
added 2025/05/05 3:15 p.m. | 1 views

AZL-69926 CVE-2024-58098 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: track changes_pkt_data property for global functions. When processing calls to certain helpers, verifier invalidates all packet pointers in a current state. For example, consider the following program: attributenoinline long...

CVSS 5.5 | AI score 6.7 | EPSS 0.00049
Exploits: 0 | References: 1

Github Security Blog
added 2025/04/07 6:54 p.m. | 12 views

Picklescan failed to detect to some unsafe global function in Numpy library

Summary: An unsafe deserialization vulnerability in Python’s pickle module allows an attacker to bypass static analysis tools like Picklescan and execute arbitrary code during deserialization. This can be exploited by importing some built-in function in Numpy library that indirectly call some dangerou...

AI score 8.6
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2024/08/27 11:40 a.m. | 12 views

CVE-2024-43910

In the Linux kernel, the following vulnerability has been resolved: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses. Currently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to a global function as an argument. The adverse effects of this is that BPF helpers can...

CVSS 7.1 | AI score 6.9 | EPSS 0.00024
Exploits: 0 | References: 4

OSV
added 2024/08/26 11:15 a.m. | 2 views

UBUNTU-CVE-2024-43910

In the Linux kernel, the following vulnerability has been resolved: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses. Currently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to a global function as an argument. The adverse effects of this is that BPF helpers can...

CVSS 5.5 | AI score 6.5 | EPSS 0.00024
Exploits: 0 | References: 10

UbuntuCve
added 2024/08/26 11:15 a.m. | 13 views

CVE-2024-43910

In the Linux kernel, the following vulnerability has been resolved: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses. Currently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to a global function as an argument. The adverse effects of this is that BPF helpers can...

CVSS 5.5 | AI score 6.7 | EPSS 0.00024
Exploits: 0 | References: 9

OSV
added 2024/08/26 10:11 a.m. | 8 views

CVE-2024-43910 bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses

In the Linux kernel, the following vulnerability has been resolved: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses. Currently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to a global function as an argument. The adverse effects of this is that BPF helpers can...

CVSS 5.5 | AI score 6.6 | EPSS 0.00024
Exploits: 0 | References: 5

Cvelist
added 2024/08/26 10:11 a.m. | 16 views

CVE-2024-43910 bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses

In the Linux kernel, the following vulnerability has been resolved: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses. Currently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to a global function as an argument. The adverse effects of this is that BPF helpers can...

EPSS 0.00024
Exploits: 0 | References: 2

Debian CVE
added 2024/08/26 10:11 a.m. | 19 views

CVE-2024-43910

In the Linux kernel, the following vulnerability has been resolved: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses. Currently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to a global function as an argument. The adverse effects of this is that BPF helpers can...

CVSS 5.5 | AI score 6.5 | EPSS 0.00024
Exploits: 0

OSV
added 2021/06/17 12:15 p.m. | 1 views

DEBIAN-CVE-2021-3603

PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called if such code is injected into the host project's scope by other means. If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the globa...

CVSS 8.1 | AI score 7.1 | EPSS 0.00778
Exploits: 0 | References: 1

ATTACKERKB
added 2021/06/17 12:15 p.m. | 1 views

CVE-2021-3603

PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called if such code is injected into the host project's scope by other means. If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the globa...

CVSS 8.1 | AI score 5.5 | EPSS 0.00778
Exploits: 0 | References: 7

Node.js
added 2019/01/03 7:44 p.m. | 15 views

Sandbox Breakout / Arbitrary Code Execution

Overview: Versions of static-eval prior to 2.0.2 pass untrusted user input directly to the global function constructor, resulting in an arbitrary code execution vulnerability when user input is parsed via the package. Proof of concept: var evaluate = require('static-eval'); var parse =...

AI score 7.8
Exploits: 0 | Affected Software: 1

Github Security Blog
added 2018/08/06 9:37 p.m. | 25 views

Sandbox Breakout / Arbitrary Code Execution in static-eval

Affected versions of static-eval pass untrusted user input directly to the global function constructor, resulting in an arbitrary code execution vulnerability when user input is parsed via the package. Proof of concept (js): var evaluate = require('static-eval'); var parse = require('esprima').parse; va...

CVSS 9.8 | AI score 9.4 | EPSS 0.01261
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2018/08/06 9:37 p.m. | 20 views

GHSA-5MJW-6JRH-HVFQ Sandbox Breakout / Arbitrary Code Execution in static-eval

Affected versions of static-eval pass untrusted user input directly to the global function constructor, resulting in an arbitrary code execution vulnerability when user input is parsed via the package. Proof of concept (js): var evaluate = require('static-eval'); var parse = require('esprima').parse; va...

CVSS 9.8 | AI score 9.7 | EPSS 0.01261
Exploits: 1 | References: 5

NVD
added 2018/06/07 2:29 a.m. | 6 views

CVE-2017-16226

The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution...

CVSS 9.8 | AI score 9.7 | EPSS 0.01261
Exploits: 1 | References: 3

OSV
added 2018/06/07 2:29 a.m. | 14 views

CVE-2017-16226

The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution...

CVSS 9.8 | AI score 9.8
Exploits: 0 | References: 3

Prion
added 2018/06/07 2:29 a.m. | 10 views

Code injection

The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution...

CVSS 7.5 | AI score 9.7 | EPSS 0.01261
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2018/06/07 2:0 a.m. | 12 views

CVE-2017-16226

The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution...

AI score 9.7 | EPSS 0.01261
Exploits: 1 | References: 3

CNVD
added 2018/06/07 12:0 a.m. | 1 views

static-eval Arbitrary Code Execution Vulnerability

static-eval is a module for evaluating statically analyzable expressions. A security vulnerability exists in static-eval. An attacker can exploit this vulnerability to execute arbitrary code by accessing the constructor of the global function...

CVSS 9.8 | AI score 9.5 | EPSS 0.01261
Exploits: 1 | References: 1