172 matches found

OSV
added 2023/11/10 2:43 p.m., 18 views

CVE-2023-45806 Discourse vulnerable to DoS via Regexp Injection in Full Name

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, if a user has been quoted and uses a '|' in their full name, they might be able to trigger a bug that generates a lot of duplicat...

CVSS 4.3, AI score 5.4, EPSS 0.0395
Exploits 0, References 5
CVE
added 2023/11/10 2:43 p.m., 73 views

CVE-2023-45806

Discourse is affected by CVE-2023-45806. Before versions 3.1.3 (stable) and 3.2.0.beta3 (beta/tests-passed), if a quoted user has a full name containing a ‘|’, updating the name can trigger a bug that generates a large amount of duplicate content across posts that mention the user. The issue is f...

CVSS 5.4, AI score 4.7, EPSS 0.0395
Exploits 0, References 3, Affected software 1
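The mechanism behind a regexp-injection bug of this kind, as an added example written for this page (generic Go, not Discourse's own code): a display name is interpolated straight into a pattern, so an unescaped trailing '|' adds an empty alternative that matches at every position, and a replace-all then inserts the replacement between every pair of characters. The pattern shape (the bare name) and the sample text are constructed for the illustration; regexp.QuoteMeta is the Go equivalent of escaping the name before interpolation.

```go
package main

import (
	"fmt"
	"regexp"
)

// namePattern builds a pattern intended to match a user's full name literally.
// With escape=false the name is interpolated raw, so metacharacters keep their meaning;
// with escape=true regexp.QuoteMeta neutralises them.
func namePattern(name string, escape bool) (*regexp.Regexp, error) {
	if escape {
		name = regexp.QuoteMeta(name)
	}
	return regexp.Compile(name)
}

// ReplaceName replaces every occurrence of name in text with repl. The difference between
// escaped and raw interpolation only shows when the name carries metacharacters.
func ReplaceName(text, name, repl string, escape bool) (string, error) {
	re, err := namePattern(name, escape)
	if err != nil {
		return "", err
	}
	return re.ReplaceAllString(text, repl), nil
}

// MatchesEmpty reports whether the pattern built from name matches the empty string.
// A trailing unescaped "|" produces exactly that (its right-hand alternative is empty), and a
// pattern that matches "" matches at every offset of any input, so a replace-all with it
// duplicates the replacement throughout the text. Rejecting such patterns is a cheap guard
// on top of escaping.
func MatchesEmpty(name string, escape bool) bool {
	re, err := namePattern(name, escape)
	if err != nil {
		return false
	}
	return re.MatchString("")
}

func main() {
	text := "foo bar" // constructed sample text
	for _, name := range []string{"Alice", "Alice|"} {
		rawOut, _ := ReplaceName(text, name, "X", false)
		safeOut, _ := ReplaceName(text, name, "X", true)
		fmt.Printf("name=%q raw=%q escaped=%q raw-matches-empty=%v\n",
			name, rawOut, safeOut, MatchesEmpty(name, false))
	}
}
```

With the raw pattern, the name "Alice|" turns "foo bar" into "XfXoXoX XbXaXrX"; with QuoteMeta the same name only matches the literal text "Alice|".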
Prion
added 2023/10/23 12:15 a.m., 16 views

Code injection

iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period...

CVSS 7.5, AI score 9.3, EPSS 0.0034
Exploits 0, References 2, Affected software 1
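The character rule the entry describes (first character alphanumeric; every later character alphanumeric, dash or period) as an added validation example, written in Go for this page and not iTerm2's code: the host of an ssh:// URL is checked against that rule before it could reach a command line, since a host beginning with "-" is indistinguishable from an option once passed as an argument. The function names and the sample URLs are constructed for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

func isAlnum(c byte) bool {
	return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
}

// ValidateSSHHost returns nil only when host starts with a letter or digit and every
// later byte is a letter, digit, dash or period.
func ValidateSSHHost(host string) error {
	if host == "" {
		return errors.New("empty host")
	}
	if !isAlnum(host[0]) {
		return fmt.Errorf("host %q must start with a letter or digit", host)
	}
	for i := 1; i < len(host); i++ {
		c := host[i]
		if !isAlnum(c) && c != '-' && c != '.' {
			return fmt.Errorf("host %q contains disallowed byte %q at offset %d", host, c, i)
		}
	}
	return nil
}

// HostFromSSHURL parses an ssh:// URL and returns its hostname only if it passes
// ValidateSSHHost. net/url accepts bytes in the host component (for example a leading "-"
// or an underscore) that this stricter check rejects, so URL parsing alone is not enough.
func HostFromSSHURL(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	if u.Scheme != "ssh" {
		return "", fmt.Errorf("unexpected scheme %q", u.Scheme)
	}
	host := u.Hostname()
	if err := ValidateSSHHost(host); err != nil {
		return "", err
	}
	return host, nil
}

func main() {
	// Constructed sample URLs: one valid, one with a leading dash, one with an underscore.
	for _, raw := range []string{
		"ssh://alice@example.com:22",
		"ssh://alice@-example.com",
		"ssh://alice@exa_mple.com",
	} {
		host, err := HostFromSSHURL(raw)
		fmt.Printf("%-30s host=%q err=%v\n", raw, host, err)
	}
}
```

The check implements the rule exactly as the entry states it, which means bracketed IPv6 literals and underscores are rejected too; if those must be supported, the allowed set has to be widened deliberately rather than by dropping the leading-character check.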
NVD
added 2023/03/14 6:15 a.m., 25 views

CVE-2023-27895

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the current view of the OTP and the secret OTP alphanumeric token during the token setup. On successful...

CVSS 6.5, AI score 6, EPSS 0.00239
Exploits 0, References 2
Prion
added 2023/03/14 6:15 a.m., 18 views

Code injection

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the current view of the OTP and the secret OTP alphanumeric token during the token setup. On successful...

CVSS 4, AI score 6.1, EPSS 0.00239
Exploits 0, References 2, Affected software 1
Cvelist
added 2023/03/14 5:08 a.m., 13 views

CVE-2023-27895 Information Disclosure vulnerability in SAP Authenticator for Android

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the current view of the OTP and the secret OTP alphanumeric token during the token setup. On successful...

CVSS 6.1, AI score 6.4, EPSS 0.00239
Exploits 0, References 2
RedHat Linux
added 2023/02/17 4:12 a.m., 42 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

CVSS 9.1, AI score 6.6, EPSS 0.02514
Exploits 1, References 4
OpenVAS
added 2023/02/15 12:00 a.m., 18 views

Nextcloud Server < 23.0.12, 24.x < 24.0.8 SSRF Vulnerability (GHSA-mqrx-grp7-244m)

Nextcloud Server is prone to a server-side request forgery (SSRF) vulnerability. ...

CVSS 5.3, AI score 5.3, EPSS 0.00201
Exploits 1, References 1
Prion
added 2023/02/13 9:15 p.m., 21 views

Server-side request forgery (SSRF)

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and 23.0.12 and Nextcloud Enterprise Server prior to 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclosed alphanumeri...

CVSS 5, AI score 5.3, EPSS 0.00201
Exploits 1, References 3, Affected software 1
OSV
added 2023/02/13 8:34 p.m., 18 views

CVE-2023-25162 Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and 23.0.12 and Nextcloud Enterprise Server prior to 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclosed alphanumeri...

CVSS 5.3, AI score 5.4, EPSS 0.00201
Exploits 1, References 5
Veracode
added 2023/01/10 7:40 a.m., 30 views

Insufficient Entropy in Randomly-Generated Alphanumeric Strings

github.com/masterminds/goutils has insufficient entropy in randomly-generated alphanumeric strings. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9, which significantly reduces the amount of entropy in short strings...

CVSS 9.1, AI score 3.7, EPSS 0.00336
Exploits 1, References 3, Affected software 3
RedhatCVE
added 2022/12/28 11:35 a.m., 40 views

CVE-2021-4238

A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amou...

CVSS 7, AI score 1.7, EPSS 0.00336
Exploits 1, References 6
OSV
added 2022/12/28 12:30 a.m., 28 views

GHSA-3839-6R69-M497 Duplicate Advisory: GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xg2h-wx96-xgxr. This link is maintained to preserve external references. Original Description Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and...

CVSS 9.1, AI score 7.1, EPSS 0.00336
Exploits 1, References 4
Github Security Blog
added 2022/12/28 12:30 a.m., 29 views

Duplicate Advisory: GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xg2h-wx96-xgxr. This link is maintained to preserve external references. Original Description Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and...

CVSS 9.1, AI score 7.1, EPSS 0.00336
Exploits 1, References 4, Affected software 1
GitLab Advisory Database
added 2022/12/28 12:00 a.m., 20 views

GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...

CVSS 9.1, AI score 2, EPSS 0.00336
Exploits 1, References 4, Affected software 1
OSV
added 2022/12/27 10:15 p.m., 3 views

AZL-41275 CVE-2021-4238 affecting package influxdb for versions less than 2.7.3-3

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...

CVSS 9.1, AI score 7.1, EPSS 0.00336
Exploits 1, References 1
NVD
added 2022/12/27 10:15 p.m., 20 views

CVE-2021-4238

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...

CVSS 9.1, EPSS 0.00336
Exploits 1, References 2
Prion
added 2022/12/27 10:15 p.m., 18 views

Design/Logic Flaw

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...

CVSS 6.4, AI score 8.9, EPSS 0.00336
Exploits 1, References 2, Affected software 1
Cvelist
added 2022/12/27 9:13 p.m., 23 views

CVE-2021-4238 Insufficient randomness in github.com/Masterminds/goutils

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...

AI score 9.3, EPSS 0.00336
Exploits 1, References 2
Vulnrichment
added 2022/12/27 9:13 p.m., 7 views

CVE-2021-4238 Insufficient randomness in github.com/Masterminds/goutils

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...

AI score 9.2, EPSS 0.00336
Exploits 1, References 2
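The entropy loss that the CVE-2021-4238 entries above describe, quantified, together with a generator that does not force a digit, as an added example written in Go for this page (it is not goutils' code). The bound is exact for any generator that always includes a digit: only 62^n - 52^n of the 62^n alphanumeric strings of length n are reachable, so the entropy is at most log2 of that count, and at length 1 the output is always one of the ten digits. ForcedDigitAlphaNumeric is a simplified model of the described behaviour constructed for the comparison, not the library's implementation; UniformAlphaNumeric is the corrected shape, drawing every position from the full alphabet with crypto/rand.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
	"strings"
)

const alphanumeric = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" // 62 symbols
const digits = "0123456789"

// FullEntropyBits is the entropy of a length-n string drawn uniformly from all 62^n
// alphanumeric strings: n * log2(62), about 5.95 bits per character.
func FullEntropyBits(n int) float64 {
	return float64(n) * math.Log2(float64(len(alphanumeric)))
}

// ForcedDigitEntropyBound is an upper bound on the entropy of any generator whose output
// always contains at least one digit: only 62^n - 52^n strings are reachable, so the entropy
// cannot exceed log2 of that count. If the forced digit is placed non-uniformly the true
// entropy is lower still. For n = 1 the bound is log2(10).
func ForcedDigitEntropyBound(n int) float64 {
	total := new(big.Int).Exp(big.NewInt(62), big.NewInt(int64(n)), nil)
	noDigit := new(big.Int).Exp(big.NewInt(52), big.NewInt(int64(n)), nil)
	reachable := new(big.Int).Sub(total, noDigit)
	f, _ := new(big.Float).SetInt(reachable).Float64()
	return math.Log2(f)
}

// UniformAlphaNumeric draws each position independently and uniformly from the 62-symbol
// alphabet. rand.Int from crypto/rand rejection-samples, so there is no modulo bias.
func UniformAlphaNumeric(n int) (string, error) {
	var sb strings.Builder
	bound := big.NewInt(int64(len(alphanumeric)))
	for i := 0; i < n; i++ {
		idx, err := rand.Int(rand.Reader, bound)
		if err != nil {
			return "", err
		}
		sb.WriteByte(alphanumeric[idx.Int64()])
	}
	return sb.String(), nil
}

// ForcedDigitAlphaNumeric is a simplified model of the behaviour the advisory describes
// (constructed for this example, not goutils' implementation): draw uniformly, then overwrite
// one random position with a random digit so that a digit is always present.
func ForcedDigitAlphaNumeric(n int) (string, error) {
	s, err := UniformAlphaNumeric(n)
	if err != nil || n == 0 {
		return s, err
	}
	pos, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		return "", err
	}
	d, err := rand.Int(rand.Reader, big.NewInt(int64(len(digits))))
	if err != nil {
		return "", err
	}
	b := []byte(s)
	b[pos.Int64()] = digits[d.Int64()]
	return string(b), nil
}

// ContainsDigit reports whether s has at least one decimal digit.
func ContainsDigit(s string) bool {
	return strings.ContainsAny(s, digits)
}

func main() {
	fmt.Println("len  uniform(bits)  forced-digit bound(bits)")
	for _, n := range []int{1, 2, 4, 8, 16} {
		fmt.Printf("%3d  %13.2f  %24.2f\n", n, FullEntropyBits(n), ForcedDigitEntropyBound(n))
	}
	u, _ := UniformAlphaNumeric(12)
	f, _ := ForcedDigitAlphaNumeric(12)
	fmt.Printf("uniform sample: %s\nforced-digit sample: %s (has digit: %v)\n", u, f, ContainsDigit(f))
}
```

The gap is largest for short strings, which is why the advisory singles them out: a length-1 value carries at most 3.3 bits instead of 5.95, while at length 16 the bound is only a fraction of a bit below the uniform value. The practical fix is the same either way: never post-process a random string to satisfy a character-class rule; if a digit is genuinely required, generate uniformly and reject-and-retry instead, which preserves uniformity over the strings that meet the rule.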