Arbitrary Code Execution

metacalc is vulnerable to arbitrary code execution. The vulnerability exists in sheet.js due to lack of validation in Math class which allows an attacker to inject and execute arbitrary code...

GHSA-5GC4-CX9X-9C43 Code Injection in metacalc

The package metacalc before 0.0.2 is vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor...

Code Injection in metacalc

The package metacalc before 0.0.2 is vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor...

Design/Logic Flaw

The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor...

metacalc 代码注入漏洞

metacalc is a Metarhia spreadsheet calculator for the Metarhia community. A security vulnerability exists in versions of metacalc prior to 0.0.2, which stems from vulnerability to arbitrary code execution attacks. An attacker exploited the vulnerability to access the Function constructor of...

CVE-2022-21122 Arbitrary Code Execution

The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor...

CVE-2022-21122

CVE-2022-21122 affects metacalc prior to 0.0.2. The root cause is exposure of JavaScript Math to the v8 context, which allows access to Function constructor and arbitrary code execution. Documented in multiple sources (Snyk, GHSA, Veracode, OSV/NVD mirrors). Impact is arbitrary code execution thr...

CVE-2022-21122

The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor...

PT-2022-14865

Name of the Vulnerable Software and Affected Versions metacalc versions prior to 0.0.2 Description The issue allows for Arbitrary Code Execution when the Math class is exposed to the v8 context, enabling access to JavaScript's Function constructor. This exposure to user-land can be exploited...

golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString

A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system...

GO-2021-0317 Uncontrolled memory consumption in math/big

Rat.SetString had an overflow issue that can lead to uncontrolled memory consumption...

Integer Overflow or Wraparound

Overview std/math/big is a Go standard library package std/math/big Affected versions of this package are vulnerable to Integer Overflow or Wraparound. Go Vulnerability Report: Rat.SetString had an overflow issue that can lead to uncontrolled memory consumption. Remediation Upgrade std/math/big t...

Oracle Linux 8 : go-toolset:ol8 (ELSA-2022-1819)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1819 advisory. delve 1.7.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.7.2-1 - Rebase to 1.7.2 - Related: rhbz2014088 golang 1.17.7-1 - Rebase...

Arbitrary Code Execution

Overview metacalc is a Spreadsheet calculations for Metarhia Affected versions of this package are vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function...

new packages: perl-Math-BigRat

An update is available for perl-Math-BigRat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

new packages: perl-Math-BigInt-FastCalc

An update is available for perl-Math-BigInt-FastCalc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see th...

new packages: perl-Math-BigInt

An update is available for perl-Math-BigInt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

CVE-2022-30782

Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers...

CVE-2022-30782

Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers...

at.newmedialab.ldpath:ldpath-api (>=0.9.12 <=0.9.13), at.newmedialab.ldpath:ldpath-backend-jena (>=0.9.12 <=0.9.13) +1790 more potentially affected by CVE-2018-8088 via org.slf4j:slf4j-ext (>=1.0-alpha0 <=1.7.25)

org.slf4j:slf4j-ext MAVEN version =1.0-alpha0, =0.9.12, =0.9.12, =0.9.12, =0.9.12, =0.9.11, =0.9.12, =0.1-1, =2.3.0, =2.3.1 and more Source cves: CVE-2018-8088 Source advisory: OSV:GHSA-W77P-8CFG-2X43...