151 matches found
CVE-2023-42183
lockss-daemon aka Classic LOCKSS Daemon before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick...
CVE-2023-42183
lockss-daemon aka Classic LOCKSS Daemon before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick...
PT-2023-28288 · Unknown · Lockss-Daemon
Name of the Vulnerable Software and Affected Versions: lockss-daemon versions prior to 1.77.3 Description: The issue is related to post-Unicode normalization, which may allow bypass of intended access restrictions. This can occur when certain Unicode characters, such as U+1FEF, are converted to...
CVE-2023-46695
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS denial of service attack via certain inputs with a very large number of...
CVE-2023-41889
SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface...
Design/Logic Flaw
SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface...
CVE-2023-41889
SHIRASAGI (CMS) prior to version 1.18.0 is affected by a Post-Unicode normalization vulnerability. The issue occurs when a security check or validation is performed before Unicode normalization, allowing a character’s Unicode equivalent to resurface after normalization. The fixed version is 1.18....
CVE-2023-41889 Late-Unicode normalization vulnerability in SHIRASAGI
SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface...
CVE-2023-41889 Late-Unicode normalization vulnerability in SHIRASAGI
SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface...
CVE-2023-41889 Late-Unicode normalization vulnerability in SHIRASAGI
SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface...
PT-2023-28145 · Shirasagi · Shirasagi
Name of the Vulnerable Software and Affected Versions: SHIRASAGI versions prior to 1.18.0 Description: The issue is related to a Post-Unicode normalization problem. This occurs when security checks are performed before Unicode normalization, allowing Unicode character equivalents to resurface aft...
SUSE CVE-2019-9636
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is: Information disclosure credentials, cookies, etc. that are cached against a given hostname. The components are:...
OPENSUSE-SU-2023:0019-1 Security update for libheimdal
This update for libheimdal fixes the following issues: Update to version 7.8.0 - CVE-2022-42898 PAC parse integer overflows - CVE-2022-3437 Overflows and non-constant time leaks in DES,3 and arcfour - CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array - CVE-2021-44758 A nu...
Fedora 36 : heimdal (2022-dba9ba8e2b)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-dba9ba8e2b advisory. Fixes: Delay service starts until after network is online rhbz2005501 Restart services on package update will apply when updating from this release...
USN-5766-1: Heimdal vulnerability
It was discovered that Heimdal did not properly manage memory when normalizing Unicode. An attacker could possibly use this issue to cause a denial of service...
USN-5766-1 heimdal vulnerability
It was discovered that Heimdal did not properly manage memory when normalizing Unicode. An attacker could possibly use this issue to cause a denial of service...
CVE-2022-41916
...
nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite
A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an...
nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite
A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an...
nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite
A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an...