208 matches found
RUSTSEC-2024-0343 Reduced entropy due to inadequate character set usage
Description Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nanoid::base62 and nanoid::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the intended 62 symbols, and the base58 function used a...
Fedora 40 : llhttp / python-aiohttp (2023-f2bb9ee617)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-f2bb9ee617 advisory. python-aiohttp 3.8.6 2023-10-07 https://github.com/aio-libs/aiohttp/blob/v3.8.6/CHANGES.rst386-2023-10-07 Security bugfixes - Upgraded llhttp to v9.1.3:...
DEBIAN-CVE-2024-2961
The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable...
python-aiohttp: http request smuggling
An HTTP request smuggling vulnerability was found in aiohttp. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets that must trigger error handling to robustly match frame boundaries of proxies in order to protect against the injection of...
BIT-GOLANG-2023-24540 Improper handling of JavaScript whitespace in html/template
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...
PassBreaker - Command-line Password Cracking Tool Developed In Python
PassBreaker is a command-line password cracking tool developed in Python. It allows you to perform various password cracking techniques such as wordlist-based attacks and brute force attacks. Features Wordlist-based password cracking Brute force password cracking Support for multiple hash...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xterm (SUSE-SU-2023:4438-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4438-1 advisory. - xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characte...
xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e. neither alphanumeric nor underscore) aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature.
...
CVE-2023-40359
xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters i.e., neither alphanumeric nor underscore, aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature...
CVE-2023-40359
xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters i.e., neither alphanumeric nor underscore, aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature...
CVE-2023-40359
xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters i.e., neither alphanumeric nor underscore, aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature...
CVE-2023-40359
xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters i.e., neither alphanumeric nor underscore, aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature...
Buffer overflow
xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters i.e., neither alphanumeric nor underscore, aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature...
UBUNTU-CVE-2023-40359
xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters i.e., neither alphanumeric nor underscore, aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature...
CVE-2023-40359
xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters i.e., neither alphanumeric nor underscore, aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature...
CVE-2023-40359
xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters i.e., neither alphanumeric nor underscore, aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature...
CVE-2023-40359
xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters i.e., neither alphanumeric nor underscore, aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature...
CVE-2023-40359
CVE-2023-40359 affects xterm versions before 380 where ReGIS reporting can mishandle character-set names containing characters outside alphanumeric/underscore, causing a pointer/overflow. Root cause: compile-time enabled experimental ReGIS feature. Impact is described as high-severity in the init...
OPENSUSE-SU-2023:0191-1 Security update for zabbix
This update for zabbix fixes the following issues: Updated to latest release 4.0.47, this version fixes CVE-2023-29454 boo1213338: - New Features and Improvements + ZBXNEXT-7694 Added 'utf8mb3' character set support for MySQL database + ZBX-20946 Enabled Bulgarian, Chinese zhTW, German, Greek,...
CVE-2023-1016
The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.4.1, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'updateoptions' function as well as the...