18 matches found
EUVD-2021-1106
Malware in sbrugna...
Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go
...
CVE-2023-29405 Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. Flags containing...
GO-2023-1842 Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. Flags containing...
SUSE CVE-2017-1000367
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation embedded spaces in the getprocessttyname function resulting in information disclosure and command execution...
Denial of service in chrono-node
This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces...
GHSA-HPMR-G4PQ-JHGP Denial of service in chrono-node
This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces...
Denial Of Service (DoS)
chrono-node is vulnerable to denial of service DoS. The vulnerability exists due to catastrophic backtracking in the regex matching, due to embedded spaces in the parseTimeUnits function...
Unspecified vulnerability in Npm chrono-node
Npm chrono-node is an application from Npm USA. Used to handle most date/time formats and extract information from any given text. A security vulnerability exists in Chrono-node prior to version 2.2.4, which stems from the program hanging on date-like strings with a large number of embedded space...
CVE-2021-23371
This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces...
Design/Logic Flaw
This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces...
CVE-2021-23371 Regular Expression Denial of Service (ReDoS)
This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces...
CVE-2021-23371
This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces...
Npm chrono-node 安全漏洞
Npm chrono-node is an application from Npm USA. Used to handle most date/time formats and extract information from any given text. A security vulnerability exists in Chrono-node prior to version 2.2.4, which stems from the program hanging on date-like strings with a large number of embedded space...
Regular Expression Denial of Service (ReDoS)
Overview chrono-node is an A natural language date parser in Javascript Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. It hangs on a date-like string with lots of embedded spaces. Details Denial of Service DoS describes a family of attacks, all aim...
CVE-2017-1000367
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation embedded spaces in the getprocessttyname function resulting in information disclosure and command execution...
CVE-2017-1000367
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation embedded spaces in the getprocessttyname function resulting in information disclosure and command execution...
CVE-2017-1000367
CVE-2017-1000367 affects sudo versions up to and including 1.8.20 and earlier, due to input validation issues in get_process_ttyname() that incorrectly parsed tty information from /proc, enabling information disclosure and local privilege escalation. The issue is tied to parsing tty data from the...