Versions of the library from 0.2.2 to 1.0.9 are vulnerable to arbitrary code execution due to unsafe usage of new Function(...) in the module that handles the points format. Applications that pass the 3rd parameter to the hull function without sanitising it may be impacted. The vulnerability has ...
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.13.0 or cherry-pick [1] to solve it. [...
JFrog Security research team identifies vulnerability in TensorFlow allowing an attacker to insert a malicious input that runs arbitrary Python code.
Spring Cloud Gateway 3.1.1+, 3.0.7+. Credit: This vulnerability was discovered and responsibly reported by Wyatt Dahlenburg. References: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H History ...
1. OS Command Injection vulnerability (CVE-2014-6271). GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand...
Cross-site Scripting (XSS) is one of the most prevalent vulnerability types affecting Web applications. This article provides an overview of a dissertation that addresses the problem of XSS as a whole: It starts with a systematic deduction of causes and consequences of XSS, proceeds with present...
and lastly, accessing an address pointed by the uniform resource locator L in the H, and judging whether or not remote code injection vulnerability based on the Web browser helper object exists according to the execution or non-execution of remote code injection by the object Web server to be...
vulnId=CVE-2014-6271 http://seclists.org/oss-sec/2014/q3/651 https://access.redhat.com/node/1200223 http://seclists.org/oss-sec/2014/q3/650 https://community.qualys.com/blogs/securitylabs/2014/09/24/bash-remote-code-execution-vulnerability-cve-2014-6271...
A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. The vulnerability is due to insufficient input validation of parameters passed to a specific function within the user...
Using this vulnerability, attackers can even inject a form on the recipient's chat window, tricking them into revealing their sensitive information using social engineering attacks. It had previously been speculated that the Signal flaw might have allowed attackers to execute system commands or gain sensit...