CVE-2019-10173

HIGH Year: 2019
CVSS v3 Score
7.3
High
CVSS v2 Score
7.5
High
Weakness Type
CWE-94
View all →

Vulnerability Description

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)

Related Vulnerabilities

CVE-2005-3302

HIGH
CVSS:7.3(High)

Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.

CWE-942005

CVE-2016-7966

HIGH
CVSS:7.3(High)

Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sig...

CWE-942016

CVE-2022-0845

HIGH
CVSS:7.3(High)

Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.

CWE-942022

CVE-2022-28766

HIGH
CVSS:7.3(High)

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged ...

CWE-942022

CVE-2022-36069

HIGH
CVSS:7.3(High)

Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as `git clone`. These commands are const...

CWE-942022

CVE-2023-24059

HIGH
CVSS:7.3(High)

Grand Theft Auto V for PC allows attackers to achieve partial remote code execution or modify files on a PC, as exploited in the wild in January 2023.

CWE-942023