PT-2023-22684 · Dotcms · Dotcms

Name of the Vulnerable Software and Affected Versions: dotCMS versions prior to 23.06 dotCMS versions prior to LTS 22.03.7 dotCMS versions prior to LTS 23.01.4 Description: A flaw in the NormalizationFilter of dotCMS does not strip double slashes // from URLs, potentially enabling bypasses for XS...

curl: CVE-2023-46218: cookie mixed case PSL bypass

A vulnerability in libcurl was discovered that allows bypassing cookie domain restrictions through improper hostname normalization. This enables a malicious site to set supercookies readable by other sites under the same top level domain. The issue was caused by libcurl failing to convert the...

Node.js: Regular Expression Denial of Service in Headers fetch API

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...

M-04 Unmitigated

Lines of code Vulnerability details Impact The previously identified vulnerability of potential rounding issues during reward calculations has not been fully mitigated. The current strategy to keep remainders and use them in subsequent claimAndSyncRewards calls does not adequately address the iss...

ICS protocol coverage using Snort 3 service inspectors

With more devices on operational technology OT networks now getting connected to wide-reaching IT networks, it is more important than ever to have effective detection capabilities for ICS protocols. However, there are a few issues that usually arise when creating detection for ICS protocol traffi...

Mastodon Security Vulnerability

Mastodon is an open source social networking server based on ActivityPub. A security vulnerability exists in Mastodon versions prior to 3.5.14, prior to 4.0.10, prior to 4.1.8, and prior to 4.2.0-rc2, which stems from the fact that, under certain circumstances, an attacker can exploit flaws in...

PT-2023-7360 · Mastodon · Mastodon

Name of the Vulnerable Software and Affected Versions: Mastodon versions prior to 3.5.14 Mastodon versions prior to 4.0.10 Mastodon versions prior to 4.1.8 Mastodon versions prior to 4.2.0-rc2 Description: The issue is related to a flaw in domain name normalization, which can be exploited by...

CVE-2023-41889

SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface...

Design/Logic Flaw

SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface...

CVE-2023-41889 Late-Unicode normalization vulnerability in SHIRASAGI

SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface...

CVE-2023-41889

SHIRASAGI (CMS) prior to version 1.18.0 is affected by a Post-Unicode normalization vulnerability. The issue occurs when a security check or validation is performed before Unicode normalization, allowing a character’s Unicode equivalent to resurface after normalization. The fixed version is 1.18....

CVE-2023-41889 Late-Unicode normalization vulnerability in SHIRASAGI

SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface...

CVE-2023-41889 Late-Unicode normalization vulnerability in SHIRASAGI

SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface...

PT-2023-28145 · Shirasagi · Shirasagi

Name of the Vulnerable Software and Affected Versions: SHIRASAGI versions prior to 1.18.0 Description: The issue is related to a Post-Unicode normalization problem. This occurs when security checks are performed before Unicode normalization, allowing Unicode character equivalents to resurface aft...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2686)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...

GHSA-J8G2-6FC7-Q8F8 Pyramid static view path traversal up one directory

Impact This impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a index.html file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be...

CVE-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...

Apache httpd URL normalization inconsistency

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

_createDepositSingle() call bridgeOut missing normalizeDecimals

Lines of code Vulnerability details Impact Wrong decimal place conversion, resulting in wrong quantity Proof of Concept in createDepositSingle will call IPortlocalPortAddress.bridgeOut The parameter deposit is not converted to 18 decimal createDepositSingle function createDepositSingle address...