Lucene search
K

208 matches found

OSV
OSV
added 2024/06/03 12:0 p.m.35 views

RUSTSEC-2024-0343 Reduced entropy due to inadequate character set usage

Description Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nanoid::base62 and nanoid::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the intended 62 symbols, and the base58 function used a...

9.4CVSS9.4AI score0.00754EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/04/29 12:0 a.m.16 views

Fedora 40 : llhttp / python-aiohttp (2023-f2bb9ee617)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-f2bb9ee617 advisory. python-aiohttp 3.8.6 2023-10-07 https://github.com/aio-libs/aiohttp/blob/v3.8.6/CHANGES.rst386-2023-10-07 Security bugfixes - Upgraded llhttp to v9.1.3:...

5.8AI score
Exploits0References1
OSV
OSV
added 2024/04/17 6:15 p.m.8 views

DEBIAN-CVE-2024-2961

The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable...

7.3CVSS7AI score0.8833EPSS
Exploits16References1
RedHat Linux
RedHat Linux
added 2024/04/02 7:34 p.m.4 views

python-aiohttp: http request smuggling

An HTTP request smuggling vulnerability was found in aiohttp. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets that must trigger error handling to robustly match frame boundaries of proxies in order to protect against the injection of...

6.5CVSS7.1AI score0.0102EPSS
Exploits1References5
OSV
OSV
added 2024/03/06 10:56 a.m.23 views

BIT-GOLANG-2023-24540 Improper handling of JavaScript whitespace in html/template

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...

9.8CVSS8.9AI score0.01548EPSS
Exploits0References6
Kitploit
Kitploit
added 2023/12/06 11:30 a.m.54 views

PassBreaker - Command-line Password Cracking Tool Developed In Python

PassBreaker is a command-line password cracking tool developed in Python. It allows you to perform various password cracking techniques such as wordlist-based attacks and brute force attacks. Features Wordlist-based password cracking Brute force password cracking Support for multiple hash...

7.6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/15 12:0 a.m.33 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xterm (SUSE-SU-2023:4438-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4438-1 advisory. - xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characte...

9.8CVSS7AI score0.00734EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2023/08/23 7:0 a.m.7 views

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e. neither alphanumeric nor underscore) aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature.

...

9.8CVSS7.2AI score0.00734EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2023/08/22 5:50 p.m.29 views

CVE-2023-40359

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters i.e., neither alphanumeric nor underscore, aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature...

3.3CVSS8.9AI score0.00734EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/08/14 5:15 p.m.6 views

CVE-2023-40359

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters i.e., neither alphanumeric nor underscore, aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature...

9.8CVSS6.7AI score0.00734EPSS
Exploits0References2
NVD
NVD
added 2023/08/14 5:15 p.m.29 views

CVE-2023-40359

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters i.e., neither alphanumeric nor underscore, aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature...

9.8CVSS9.4AI score0.00734EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/08/14 5:15 p.m.351 views

CVE-2023-40359

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters i.e., neither alphanumeric nor underscore, aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature...

9.8CVSS6.8AI score0.00734EPSS
Exploits0References2
Prion
Prion
added 2023/08/14 5:15 p.m.19 views

Buffer overflow

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters i.e., neither alphanumeric nor underscore, aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature...

7.5CVSS9.3AI score0.00734EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/08/14 5:15 p.m.11 views

UBUNTU-CVE-2023-40359

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters i.e., neither alphanumeric nor underscore, aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature...

9.8CVSS5.8AI score0.00734EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/08/14 12:0 a.m.14 views

CVE-2023-40359

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters i.e., neither alphanumeric nor underscore, aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature...

6.6AI score0.00734EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2023/08/14 12:0 a.m.44 views

CVE-2023-40359

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters i.e., neither alphanumeric nor underscore, aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature...

9.8CVSS8.9AI score0.00734EPSS
Exploits0
Cvelist
Cvelist
added 2023/08/14 12:0 a.m.37 views

CVE-2023-40359

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters i.e., neither alphanumeric nor underscore, aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature...

9.5AI score0.00734EPSS
Exploits0References1
CVE
CVE
added 2023/08/14 12:0 a.m.78 views

CVE-2023-40359

CVE-2023-40359 affects xterm versions before 380 where ReGIS reporting can mishandle character-set names containing characters outside alphanumeric/underscore, causing a pointer/overflow. Root cause: compile-time enabled experimental ReGIS feature. Impact is described as high-severity in the init...

9.8CVSS9.1AI score0.00734EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/07/24 10:1 p.m.7 views

OPENSUSE-SU-2023:0191-1 Security update for zabbix

This update for zabbix fixes the following issues: Updated to latest release 4.0.47, this version fixes CVE-2023-29454 boo1213338: - New Features and Improvements + ZBXNEXT-7694 Added 'utf8mb3' character set support for MySQL database + ZBX-20946 Enabled Bulgarian, Chinese zhTW, German, Greek,...

5.4CVSS5.2AI score0.00478EPSS
Exploits0References3
NVD
NVD
added 2023/06/09 6:15 a.m.32 views

CVE-2023-1016

The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.4.1, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'updateoptions' function as well as the...

7.2CVSS6.7AI score0.00971EPSS
Exploits0References3
Rows per page
Query Builder