769 matches found
PYSEC-2022-279
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction...
CVE-2022-40604
CVE-2022-40604 affects Apache Airflow 2.3.0–2.3.4. A component of a URL was unnecessarily formatted, enabling information disclosure from a formatted URL. Multiple sources (NVD, OSV entries, and third‑party advisories) corroborate a format-string/vulnerability in the URL handling path (notably in...
PT-2022-25414 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 2.3.0 through 2.3.4 Description: The issue concerns a part of a URL that was unnecessarily formatted, allowing for possible information extraction. Recommendations: For Apache Airflow versions 2.3.0 through 2.3.4, upda...
CVE-2022-32190
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result...
Resource management error vulnerability in multiple GitLab products
GitLab is an open source, end-to-end software development platform from GitLab Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab Community Edition (CE) and GitLab...
Google Chrome security vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability previously existed in Google Chrome version 103.0.5060.134, which stemmed from an improper implementation in URL formatting...
USN-5546-2 openjdk-8 vulnerabilities
USN-5546-1 fixed vulnerabilities in OpenJDK. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain...
Fedora: Security Advisory for golang-github-kr-text (FEDORA-2022-ea8f4e232d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: golang-github-kr-text-0.2.0-6.fc36
Miscellaneous functions for formatting text...
UBUNTU-CVE-2022-2165
Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name...
CVE-2022-2165
CVE-2022-2165 — Summary: The connected sources confirm a vulnerability in Google Chrome (desktop) stemming from insufficient data validation in URL formatting, enabling domain spoofing via IDN homographs with a crafted domain name. The issue affects Chrome up to version 103.0.5060.53 and is addr...
PT-2023-4307 · Google +1 · Google Chrome +1
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 103.0.5060.134 Description: The issue is related to an inappropriate implementation in URL formatting, which can be exploited by a remote attacker to perform domain spoofing via a crafted HTML page. This can be...
PT-2022-20577 · Slack · Slack Morphism
Name of the Vulnerable Software and Affected Versions: Slack Morphism versions prior to 0.41.0 Description: The issue concerns the potential leakage of Slack OAuth client information into application debug logs due to insecure debug log formatting. This could lead to the accidental exposure of...
[SECURITY] Fedora 35 Update: golang-github-kr-text-0.2.0-5.fc35
Miscellaneous functions for formatting text...
Fedora: Security Advisory for golang-github-kr-text (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: golang-github-kr-text-0.2.0-5.fc36
Miscellaneous functions for formatting text...
CVA6 security vulnerability
CVA6 is an application class 6 RISC-V CPU open-sourced by the OpenHW Group in Canada. A security vulnerability exists in CVA6 that stems from giving incorrect permission to use special multiplication units when instructions are formatted incorrectly...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2022:10035-1 Rating: important References: 1200783 Cross-References: CVE-2022-2156 CVE-2022-2157 CVE-2022-2158 CVE-2022-2160 CVE-2022-2161 CVE-2022-2162 CVE-2022-2163 CVE-2022-2164 CVE-2022-2165 Affected Products:...
Mageia: Security Advisory (MGASA-2022-0241)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Chromium: CVE-2022-2165 Insufficient data validation in URL formatting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...